Cisco Support Community

Port forwarding with multiple public IP addresses

Up until recently we had 1 public IP address. Port forwarding was configured for about 10 different ports to be forwarded to 10 different servers/computers. We now have 5 public IP addresses and I am trying to use one of those public IPs for the RDP service on several computers.

My problem is that I cannot figure out how to forward 5 different ports coming in on 1 public IP to the 5 different computers on the LAN based on the port number being used. Each computer is configured with a different port for RDP (3400, 3401, etc.).

I have set up our web server to use one of the public IPs and all traffic that comes in on that public IP is forwarded to the web server. I do not want to use just one public IP for each computer, nor should I have to, since I was able to forward all of these different ports when we had only one public IP before.

How can this device be set to allow a range of ports to be forwarded to different computers based on the incoming port number using just one of the public IP addresses?


Re: Port forwarding with multiple public IP addresses

You will use a number of items in the ISA to set this up.

1) For each RDP port, create a Service Object which is in the Networking section (i.e. RDP_3400...3401...3402...)

2) For each computer, create an Address Object which is in the Networking section (i.e. PC1...2...3...)

3) For the public IP you wish to use, create an Address Object which is in the Networking section (i.e. RDP_IP)

4) In the Firewall section, create one Advanced NAT rule for each PC. The Translated Source Address will be the RDP_IP. The Original Source Address will be the PC IP (i.e. PC1). The Original and Translated Destination Services will be the RDP port (i.e. RDP_3400). From is LAN and To is WAN. Everything else is Any.

5) Finally, in the Firewall section, create one ACL Rule for each PC. An example would be From WAN to LAN, Services RDP_3400, Source Any, Destination PC1, Match Action Permit.

A word of caution. If you're going to allow RDP access to internal PCs, it would be highly advisable to limit where those connections can be made from. If you can identify the source addresses that will be connecting, you can create Address Objects/Groups with those IPs and then add them to the Source section of your ACL Rule instead of using Any. Using Any means that I can port scan you, see the open port, try to connect, and then you're depending on Microsoft for security...which hasn't been shown to be a good practice. I hope this is helpful.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
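As an added illustration (not from this thread or from Cisco), here is a small Python model of the five-step setup above: one Service Object per RDP port, Address Objects for the PCs and the shared public IP, one NAT rule and one ACL rule per PC, with the ACL matched against the post-NAT (real) destination as the answer describes. The object names, addresses and allowed-source network are constructed; it lets you sanity-check a policy for ambiguous mappings and for the Source Any exposure before entering it in the ISA.

```python
# Added example: model of the ISA port-forwarding policy described in the answer.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Object names and addresses below are constructed for illustration.
SERVICES = {"RDP_3400": 3400, "RDP_3401": 3401, "RDP_3402": 3402}
ADDRESSES = {"PC1": "192.168.1.11", "PC2": "192.168.1.12", "PC3": "192.168.1.13",
             "RDP_IP": "203.0.113.10"}

@dataclass
class NatRule:            # one Advanced NAT rule per PC (step 4)
    translated_src: str   # RDP_IP
    original_src: str     # PCn
    service: str          # RDP_34xx (original and translated service are the same)

@dataclass
class AclRule:            # one ACL rule per PC (step 5), From WAN To LAN
    service: str
    destination: str      # PCn: the real (post-NAT) address
    sources: list = field(default_factory=list)  # empty list means Source Any

def build_policy(pcs, allowed_sources=()):
    """Generate NAT and ACL rules for PC1..PCn, one RDP port each, in order."""
    nats, acls = [], []
    for pc, svc in zip(pcs, SERVICES):
        nats.append(NatRule("RDP_IP", pc, svc))
        acls.append(AclRule(svc, pc, list(allowed_sources)))
    return nats, acls

def check_unique(nats):
    """Two PCs behind the same public IP:port would be ambiguous; reject that."""
    seen = set()
    for r in nats:
        key = (r.translated_src, SERVICES[r.service])
        if key in seen:
            raise ValueError(f"duplicate mapping {key}")
        seen.add(key)
    return True

def evaluate(nats, acls, src_ip, dst_ip, dst_port):
    """Return ('permit', internal_ip) or ('deny', None) for an inbound WAN packet."""
    for n in nats:  # inbound: RDP_IP:port is translated back to the matching PC
        if ADDRESSES[n.translated_src] == dst_ip and SERVICES[n.service] == dst_port:
            real_dst = n.original_src
            break
    else:
        return ("deny", None)  # no NAT entry for this public IP:port
    for a in acls:  # ACL is checked against the translated (real) destination
        if a.service == n.service and a.destination == real_dst:
            if not a.sources or any(ip_address(src_ip) in ip_network(s) for s in a.sources):
                return ("permit", ADDRESSES[real_dst])
    return ("deny", None)
```

Building the policy with `allowed_sources=[]` reproduces the Source Any configuration the answer warns about: any source address that reaches the port is permitted.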