Cisco Support Community

New Member

urgent help with cisco ASA 5505 with port forwarding

Hi all,

I have a Cisco ASA 8.4 with ASDM and want to set up port forwarding.

My simple topology is as below:


inside with security 100

outside with security level 0

The outside interface has a public IP, assume it is

and in my LAN I have 3 private IPs:

I want to open RDP for by port forward from the ASA

also I want to open HTTP for

also HTTPS for

As an example:

if somebody from the internet needs to access the host RDP, he has to use the IP with the port of RDP

and who wants to access web of

and who wants to access HTTPS

I read a lot and googled a lot, but I don't have a clear solution about how to do my object above.

Can anyone give me brief steps?

I'm using ASDM but no luck, it always fails!

I know that I need to do NAT and allow access rules, but still no luck.

Hope you can help.



Re: urgent help with cisco ASA 5505 with port forwarding


Could you please show:

  • sh runn access-list
  • sh runn access-group
  • sh runn nat
  • sh runn object
  • sh runn object-group

NAT should be like:

object network MY_RDP


nat (inside,outside) static interface service tcp 3389 3389

PS: on outside ACL in you need to allow access to, and

New Member

Re: urgent help with cisco ASA 5505 with port forwarding

object network RDP_Server


nat (inside,outside) static service tcp rdp rdp


object network HTTP_Server


nat (inside,outside) static service tcp http http


object network HTTPS_Server


nat (inside,outside) static service tcp https https

Also ensure your rules allow the connections.

New Member

Re: urgent help with cisco ASA 5505 with port forwarding

Hi all,

Thanks a lot,

but I'm fond of doing it by ASDM.

I'm not good with the CLI, I'm still a beginner.

Should I make a print screen for you of my issue?

I will make some print screens for you.

New Member

urgent help with cisco ASA 5505 with port forwarding

Hi,

Mr. Jami,

Here is my lab ASDM image:

Here is sh run:

ciscoasa# sh run

: Saved


ASA Version 8.4(2)


hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface GigabitEthernet0

nameif UP

security-level 30

ip address


interface GigabitEthernet1

nameif DOWN

security-level 50

ip address


interface GigabitEthernet2

nameif LEFT

security-level 100

ip address


interface GigabitEthernet3

nameif RIGHT

security-level 0

ip address


interface GigabitEthernet4


no nameif

no security-level

no ip address


interface GigabitEthernet5


no nameif

no security-level

no ip address


ftp mode passive

object network gpohost


object service 8090

service tcp destination eq 8090

object service telnet

service tcp destination eq telnet

object network xp10


object network gogogogo


object network virus


object network nat_192


object network pool


object network 809055


object network nattt


description kkkkk

object network iiiiii


description hhhhhhhhhhh

object network jjjj


object network pppppppp


description ooooooooo

object network kkkkk


description iiiii

object network ll


object network portforwarddddd


object network RDP_Server


access-list RIGHT_access_in extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu UP 1500

mtu LEFT 1500

mtu DOWN 1500

mtu RIGHT 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-645-204.bin

no asdm history enable

arp timeout 14400

access-group RIGHT_access_in in interface RIGHT

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http UP

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet UP

telnet RIGHT

telnet timeout 5

ssh DOWN

ssh timeout 5

console timeout 0

dhcpd auto_config UP

dhcpd update dns override


dhcpd address LEFT

dhcpd dns interface LEFT

dhcpd enable LEFT


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


username virus password 8GQz2i.ViIn9Z/x8 encrypted



prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

crashinfo save disable


: end


Here is the topology:

Quick trial:

From the ASA console:

object network RDP_Server



nat (LEFT,RIGHT) static service tcp rdp rdp

ERROR: Address overlaps with RIGHT interface address.

ERROR: NAT Policy is not downloaded

Why did it fail?

It gives me the same error when I try from ASDM.

It says:

ERROR: Address overlaps with RIGHT interface address.

ERROR: NAT Policy is not downloaded

why ?

Hall of Fame Super Blue

urgent help with cisco ASA 5505 with port forwarding

Use Mikahil's NAT statements, i.e. instead of using the public IP address, use the "interface" keyword.
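
The fix described in the answer above, written out as an added ASA 8.4 configuration example (not posted by anyone in the thread): static PAT mapped to the `interface` keyword, with the catch-all outside rule replaced by per-service permits. The host addresses, the remote admin address and the RIGHT interface address used in the packet-tracer check are constructed placeholders, and limiting RDP to one source address is an assumption about the intended policy.

```cisco
! Added example. All addresses are constructed placeholders (RFC 1918 / RFC 5737),
! not values from the thread: 192.168.1.10/.20/.30 stand in for the three LAN
! hosts, 198.51.100.10 for a known remote admin address and 203.0.113.2 for
! the RIGHT interface address.
!
! Form that fails: the mapped address equals the RIGHT interface address.
!   nat (LEFT,RIGHT) static <RIGHT interface IP> service tcp 3389 3389
!   ERROR: Address overlaps with RIGHT interface address.
!
! Working form: one network object per forwarded service, mapped to "interface".
object network RDP_Server
 host 192.168.1.10
 nat (LEFT,RIGHT) static interface service tcp 3389 3389
object network HTTP_Server
 host 192.168.1.20
 nat (LEFT,RIGHT) static interface service tcp 80 80
object network HTTPS_Server
 host 192.168.1.30
 nat (LEFT,RIGHT) static interface service tcp 443 443
!
! From 8.3 on, interface ACLs match the real (pre-NAT) address, so the
! rules reference the objects. Add the specific permits first ...
access-list RIGHT_access_in extended permit tcp host 198.51.100.10 object RDP_Server eq 3389
access-list RIGHT_access_in extended permit tcp any object HTTP_Server eq 80
access-list RIGHT_access_in extended permit tcp any object HTTPS_Server eq 443
! ... then remove the catch-all rule from the posted config.
no access-list RIGHT_access_in extended permit ip any any
access-group RIGHT_access_in in interface RIGHT
!
! Verify the translations and simulate an inbound RDP connection.
show nat detail
show xlate
packet-tracer input RIGHT tcp 198.51.100.10 12345 203.0.113.2 3389
```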

