Link to home
Start Free TrialLog in
Avatar of james_axton
james_axton

asked on

How do I forward a port on an ASA 5505

We have a client that has an ASA 5505 and I need to add a line (or lines) to the firewall config that forwards all incoming traffic directed at a specific port to a user's internal static IP address.  I'm still learning PIX/ASA, can anyone offer advice on how to do this?  Thanks,

James
ASKER CERTIFIED SOLUTION
Avatar of sstone55423
sstone55423
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of rsivanandan
rsivanandan
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Pugglewuggle
Pugglewuggle
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of james_axton
james_axton

ASKER

Thanks to the three of you for your replies and my apologies for the lack of follow-up.  I have a better understanding now of how to bring the traffic in and route it, I just have two subsequent questions about these changes:

1) Can I add these entries on the fly without rebooting the ASA?
2) Does it matter where in the configuration file I place these entries?

Thanks for your continued assistance.

James
Avatar of sstone55423
sstone55423
Flag of United States of America image
Of course, changing anything does risk impacting the PIX negatively.  You can add the above commands without a reboot of the router, and it should not impact users --  but there is a chance.  Choosing a time when it is lower risk is always a better choice.
When you go into config mode and add the commands, it will put them in the proper place.
Avatar of rsivanandan
rsivanandan
Flag of India image
It should not affect any normal operation.

Cheers,
Rajesh
Avatar of Pugglewuggle
Pugglewuggle
Flag of United States of America image
The ASA is a wonderful device - it is designed to run for years without stopping.
The ONLY time you will need to reboot an ASA is when upgrading the software. EVERYTHING else can be done on the fly.
But still take care and only make major changes after business hours. If it's just a minor change that you know will work and are familiar with then it's probably fine to do it whenever.
Cheers!  Let me know if you have any questions!
Avatar of sstone55423
sstone55423
Flag of United States of America image
Save a copy of your configuration file before you make any changes.  Just in case.
Avatar of james_axton
james_axton

ASKER

Thank you all very much!

James