Port forwarding/redirection Cisco ASA 5505

I need to set up port forwarding for some hosts behind an ASA 5505. The outside interface is getting its IP address via DHCP from a cable modem. As an example, one internal host's IP is 10.10.30.85, the external port they will connect to is 41785, redirecting to internal port 41795 on the 10.10.30.85 host. I'm not concerned with limiting external IP access, as the companies will be connecting from any number of IPs. I also have 6 other internal hosts that will use that same 41795 internal port; that is why I have to redirect the external port numbers.
ptuttle1319 Asked:

ptuttle1319 Author Commented:
Here's what I have so far:
access-list acl_outside extended permit tcp any any eq 41785
static (inside,outside) tcp interface 41785 10.10.30.85 41795 netmask 255.255.255.255

I think the static mapping part is probably right (cross my fingers) and the ACL rule will work, but I don't like having the 2nd 'any' for who can be connected to. I'm just not sure how to specify a host when I don't have a specific external IP to give it, as that's the only way I've ever configured this type of rule. Also, I saw where someone put 'dns' after the netmask on the static map; is that something I need?
0
ptuttle1319 Author Commented:
Also, I applied the ACL by doing:
access-group acl_outside in interface outside
0
ptuttle1319 Author Commented:
Would this work for the ACL rule?

access-list acl_outside extended permit tcp any interface outside eq 41785
0

lrmoore Commented:
Yes, your last post is the best way to enter the access-list.
It should work fine.
0

lrmoore Commented:
>also i saw where someone put 'dns' after the netmask on the static map
You do not need to do that in your case.
0
svetter78 Commented:
Depending on the software version you can try:

access-list acl_outside extended permit tcp any interface outside eq 41785
0
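
Added example (not from any post in this thread): a small Python generator that extends the single mapping discussed above to the other hosts sharing internal port 41795. It emits the static and access-list forms posted in the thread and rejects a reused external port. The second host address and external port are constructed sample values, and build_config is a hypothetical helper name.

```python
import ipaddress

INSIDE_PORT = 41795  # internal port shared by every host (from the question)

# (external port, inside host). The first entry is from the question;
# the second is a constructed sample value for illustration.
MAPPINGS = [
    (41785, "10.10.30.85"),
    (41786, "10.10.30.86"),  # constructed
]


def build_config(mappings, inside_port=INSIDE_PORT, acl="acl_outside"):
    """Return ASA config lines in the syntax posted in the thread."""
    seen = set()
    rules, statics = [], []
    for ext_port, host in mappings:
        ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
        if not 1 <= ext_port <= 65535:
            raise ValueError(f"port out of range: {ext_port}")
        if ext_port in seen:
            # Each outside port can redirect to only one inside host.
            raise ValueError(f"external port {ext_port} mapped twice")
        seen.add(ext_port)
        # Permit only traffic addressed to the outside interface on this port.
        rules.append(
            f"access-list {acl} extended permit tcp any interface outside eq {ext_port}"
        )
        # Static PAT: outside interface:ext_port -> host:inside_port.
        statics.append(
            f"static (inside,outside) tcp interface {ext_port} "
            f"{host} {inside_port} netmask 255.255.255.255"
        )
    return rules + statics + [f"access-group {acl} in interface outside"]


if __name__ == "__main__":
    print("\n".join(build_config(MAPPINGS)))
```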