New Member

portforward range of ports to cisco ASA ios 9.x

Hi all,

I need to port forward a range of ports on the ASA, from 10000-20000.

I need to forward it from the ASA public IP to the LAN IP.

I have an ASA 5505 with IOS 9.x.

Can you help me?

Regards

5 REPLIES
New Member

I tried:

Create the inbound ACL for the ports you need open
ASA(config)# access-list outside_access_in extended permit <tcp or udp> any host <public ip> range 10000 20000

NAT the external IP to the private IP
ASA(config)# static (inside,outside) <public ip> <private ip> netmask 255.255.255.255

Apply the ACL to the interface
ASA(config)# access-group outside_access_in in interface outside

But no luck. The command static (inside,outside) <public ip> <private ip> netmask 255.255.255.255 is not allowed on the ASA?

Maybe because of IOS 9.x?

Any help with the CLI commands for IOS 9?

VIP Green

Yes, the static command is used pre-8.3. Since 8.3 both the NAT and ACL have been changed. For the ACL you should use the actual private IP of the server you are allowing access to as the destination IP.

For NAT you can refer to the following link, which provides a good comparison between pre-8.3 and 8.3 and newer versions:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

-- Please remember to rate and select a correct answer
VIP Green

Do you want to forward ports that arrive on ports 10000-20000 or do you want to forward any traffic going to that one server to that port range?  If the latter is the case then you could do something like the following:

object network HOST
  host 1.1.1.1

object service PORTS
  service tcp destination range 10000 20000

nat (inside,outside) source static HOST interface service any PORTS

access-list ACL permit tcp any host 1.1.1.1 range 10000 20000

access-group ACL in interface outside

-- Please remember to rate and select a correct answer
New Member

Thank you so much.

Can you please share with me the config for port forwarding a range of ports, and the config for port forwarding all ports (DMZ)?

Regards

VIP Green

I updated my previous post where I forgot to include the link.

Could you please describe in more detail what you are trying to do when port forwarding a range of ports? Do you mean translating ports 10000-20000 to a port in the range 30000-40000?

When you say port forward all ports in the DMZ, are you looking for the dynamic NAT configuration that is needed to reach the internet?

object network DMZ-subnet
  subnet 192.168.0.0 255.255.255.0
  nat (DMZ,outside) dynamic interface

-- Please remember to rate and select a correct answer
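
The three steps tried earlier in this thread, rewritten in the 8.3+ syntax the replies describe, as an added example that is not part of any post above. The object names, the server address 192.168.1.10, the choice of TCP and the packet-tracer test addresses are assumptions; the interface names and ACL name are the ones used in the thread.

```cisco
! Added example (assumed names and addresses), ASA 8.3 and later.
!
! 1. Describe the inside server by its real (private) address.
object network SRV-INSIDE
 host 192.168.1.10
!
! 2. Describe the port range. The server is the "source" of an
!    (inside,outside) rule, so the listening ports go in the source field.
object service TCP-10000-20000
 service tcp source range 10000 20000
!
! 3. Replaces the pre-8.3 "static (inside,outside) ..." line: map the server to
!    the outside interface address for this port range only, ports unchanged.
nat (inside,outside) source static SRV-INSIDE interface service TCP-10000-20000 TCP-10000-20000
!
! 4. Since 8.3 the ACL matches the real (private) address, not the public one.
!    Where the remote peers are known, list them instead of "any".
access-list outside_access_in extended permit tcp any host 192.168.1.10 range 10000 20000
access-group outside_access_in in interface outside
!
! 5. Check the result from privileged EXEC: the rule and its hit counts, then
!    a simulated inbound connection (198.51.100.7 is a constructed test source).
show nat detail
packet-tracer input outside tcp 198.51.100.7 40000 <public ip> 15000
```

For UDP, repeat steps 2 to 4 with a udp service object, a second nat line and a udp ACL entry.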