Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 780
  • Last Modified:

How do I configure PAT/port fowarding on cisco Asa FW

I have a setup on cisco ASA fw with an inside host with private ip, nat'd to global IP on the outside. This host needs to be accessed by 6 diferent outside hosts each on a different tcp port(non-standard ports).
How do I achieve this using translation? Thanks
0
rigour
Asked:
rigour
  • 2
  • 2
1 Solution
 
SouljaCommented:
Try this:

Place your ip's in the appropriate places


static (inside,outside) outside_ip inside_ip netmask 255.255.255.255

access-list OUTSIDE extended permit tcp host HOST1 host inside_host_ip eq port1
access-list OUTSIDE extended permit tcp host HOST2 host inside_host_ip eq port2
access-list OUTSIDE extended permit tcp host HOST3 host inside_host_ip eq port3
access-list OUTSIDE extended permit tcp host HOST4 host inside_host_ip eq port4
access-list OUTSIDE extended permit tcp host HOST5 host inside_host_ip eq port5
access-list OUTSIDE extended permit tcp host HOST6 host inside_host_ip eq port6

access-group OUTSIDE in interface outside
0
 
rigourAuthor Commented:
Thanks Soulja, I am currently putting together a design solution for an urgent implementation, so cannot physically test your suggestion straightaway. Logically I believe it will work in the scenario given earlier.

What if the inside host increased to 3 or 4 hosts that need to use the one global address for nat, because of shortage of public address. How could the 6 external hosts access the 3 internal hosts, still on the different ports? Thanks
0
 
rigourAuthor Commented:
Thanks Soulja, I am currently putting together a design solution for an urgent implementation, so cannot physically test your suggestion straightaway. Logically I believe it will work in the scenario given earlier.

What if the inside host increased to 3 or 4 hosts that need to use the one global address for nat, because of shortage of public address. How could the 6 external hosts access the 3 internal hosts, still on the different ports? Thanks
0
 
SouljaCommented:
It would still remain on a per port basis.
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now