Solved: Traffic inspection & forwarding

bsisco · ‎12-12-2007

Not entirely sure how to approach this.

We have a need to direct traffic from the internet to a single public IP to different destinations internally solely based on the port (and more securely the type of traffic).

Can the ASA (5510 (v. 7.2(2)) accomplish this?

For example:

incoming TCP 25 traffic to public IP 21.21.52.12 gets directed to a SPAM filter with an internal IP of 192.168.66.1 while traffic to the same public IP on port TCP 80 TCP 443 and TCP 1352 is directed to a server with an internal IP of 192.168.45.5.

acomiskey · ‎12-12-2007

static (inside,outside) tcp 21.21.52.12 25 192.168.66.1 25 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 80 192.168.45.5 25 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 443 192.168.45.5 443 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 1352 192.168.45.5 1352 netmask 255.255.255.255

View solution in original post

acomiskey · ‎12-12-2007

static (inside,outside) tcp 21.21.52.12 25 192.168.66.1 25 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 80 192.168.45.5 25 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 443 192.168.45.5 443 netmask 255.255.255.255

static (inside,outside) tcp 21.21.52.12 1352 192.168.45.5 1352 netmask 255.255.255.255

bsisco · ‎12-12-2007

Thanks!! I should have known that and something tells me I should feel start feeling dumb now ;)