08-13-2008 06:20 AM - edited 03-09-2019 09:16 PM
I have been trying to get an inbound static rule working, with no success.
What we want is to have any computer on the web access port 7080, which is forwarded and NATted to the inside. We have two ASA 5520s in place (one which we control and the other that company X controls), as per the diagram.
The rules that I have in place want the source port to be 7080 and not the destination port on the external interface on the ASA.
Rules that I have now (I have been testing with 1 IP address):
access-list outside_nat_static_1 extended permit tcp host 2.1.20.26 eq 7080 any
static (outside,SMARTS_VPN) tcp interface 7080 access-list outside_nat_static_1
What am I missing - thanks in advance
08-13-2008 09:49 PM
Can you just post the exact addressing of the firewalls and the NAT config you have?
It must be very precise, as you have two NATing stages, which is not recommended but possible.
Then I can give you a more precise answer.
thanks
08-14-2008 07:20 AM
Hi,
The config that I have posted is the running conf. The IP addresses have just had a number removed, e.g. 2.x.x.x = 22.x.x.x, so the numbers should not be "that" important (all internal numbers are what is in place ;-).
When I test the rules with the ASDM, if the packet source port is 7080 then the rule works. And if I test this from my local machine and force my local machine to send the packet from 7080, then everything works - however, this should not be.
The source/port of the packet should be any - it is only the dest port that I want to NAT/forward on.
Thanks in advance
08-14-2008 03:40 PM
As far as I know, you can only map port to port (PAT) or any to any (normal NAT), but any to a specific port I haven't seen.
Anyway, if you use a web browser, you can map HTTP to 7080 and so on; in this case it will be more reasonable.
And regarding your config with the ACL, try to make it like this:
static (smart_vpn, outside) [internal ip] [ur ACL]
By the way, have you made a permit ACL on the outside interface?
08-14-2008 07:42 AM
To add to this:
access-list outside_nat_static_1 extended permit tcp host 2.1.20.26 eq 7080 any
static (outside,inside) tcp interface 7080 access-list outside_nat_static_1
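
Added example, not part of the original thread: the behaviour reported above (the rule only matches when the packet's source port is 7080) follows from ASA extended-ACL grammar, where a port operator written after the source address applies to the source port. The sketch parses the posted ACE and a constructed comparison ACE (the name `example_acl` is hypothetical); it assumes only the `any`, `host` and address/mask forms, not object groups.

```python
# Added example: report which side of an ASA extended ACE a port operator binds to.
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count

def _take_addr(tok, i):
    """Consume an address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return tok[i] + " " + tok[i + 1], i + 2

def _take_port(tok, i):
    """Consume an optional port operator and its operand(s)."""
    if i < len(tok) and tok[i] in PORT_OPS:
        n = PORT_OPS[tok[i]]
        return " ".join(tok[i:i + 1 + n]), i + 1 + n
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny tcp|udp SRC [PORT] DST [PORT]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended" or tok[4] not in ("tcp", "udp"):
        raise ValueError("not a tcp/udp extended ACE: " + line)
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    ace["src"], i = _take_addr(tok, 5)
    ace["src_port"], i = _take_port(tok, i)   # operator here matches the SOURCE port
    ace["dst"], i = _take_addr(tok, i)
    ace["dst_port"], i = _take_port(tok, i)   # operator here matches the DESTINATION port
    return ace

def source_port_only(ace):
    """True when the ACE restricts the source port but leaves the destination port open."""
    return ace["src_port"] is not None and ace["dst_port"] is None

# ACE exactly as posted in the thread.
POSTED = "access-list outside_nat_static_1 extended permit tcp host 2.1.20.26 eq 7080 any"
# Constructed for comparison (ACL name is hypothetical): operator after the destination.
CONSTRUCTED = "access-list example_acl extended permit tcp any host 2.1.20.26 eq 7080"

if __name__ == "__main__":
    for line in (POSTED, CONSTRUCTED):
        ace = parse_ace(line)
        print(ace["name"], "src_port:", ace["src_port"], "dst_port:", ace["dst_port"],
              "source-port-only:", source_port_only(ace))
```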