ptuttle1319 asked:

Port forwarding/redirection on Cisco ASA 5505

I need to set up port forwarding for some hosts behind an ASA 5505. The outside interface is getting its IP address via DHCP from a cable modem. As an example, one internal host's IP is 10.10.30.85, the external port they will connect to is 41785, redirecting to internal port 41795 on the 10.10.30.85 host. I'm not concerned with limiting external IP access, as the companies will be connecting from any number of IPs. I also have 6 other internal hosts that will use that same 41795 internal port; that is why I have to redirect the external port numbers.
ptuttle1319 (ASKER):

Here's what I have so far:
access-list acl_outside extended permit tcp any any eq 41785
static (inside,outside) tcp interface 41785 10.10.30.85 41795 netmask 255.255.255.255

I think the static mapping part is probably right (cross my fingers) and the ACL rule will work, but I don't like having the 2nd 'any' for who can be connected to. I'm just not sure how to specify a host when I don't have a specific external IP to give it, as that's the only way I've ever configured this type of rule. Also, I saw where someone put 'dns' after the netmask on the static map; is that something I need?
Also, I applied the ACL by doing:
access-group acl_outside in interface outside
Would this work for the ACL rule?

access-list acl_outside extended permit tcp any interface outside eq 41785
Les Moore (ASKER CERTIFIED SOLUTION):

>also i saw where someone put 'dns' after the netmask on the static map
You do not need to do that in your case.
svetter78:

Depending on the software version, you can try:

access-list acl_outside extended permit tcp any interface outside eq 41785
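
As an added example (not part of any post in this thread), the following Python script audits the pre-8.3 style lines quoted above: it checks that each static port redirect has a matching permit in an ACL applied inbound on the outside interface, that no external port is reused, and it flags permits whose destination is 'any'. The hosts 10.10.30.86 and 10.10.30.87 and the ports 41786 and 41787 are constructed sample values, and the script assumes the outside ACL is matched against the external (mapped) port, as in the thread's syntax.

```python
import re

# Constructed sample: the ACL variants and static line from the thread, plus
# assumed extra forwards (10.10.30.86/.87 and ports 41786/41787 are made up).
SAMPLE_CONFIG = """\
access-list acl_outside extended permit tcp any any eq 41785
access-list acl_outside extended permit tcp any interface outside eq 41786
static (inside,outside) tcp interface 41785 10.10.30.85 41795 netmask 255.255.255.255
static (inside,outside) tcp interface 41786 10.10.30.86 41795 netmask 255.255.255.255
static (inside,outside) tcp interface 41787 10.10.30.87 41795 netmask 255.255.255.255
access-group acl_outside in interface outside
"""

STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp interface (\d+) (\S+) (\d+) netmask \S+")
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp any (any|interface outside) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def audit(config):
    """Return sorted findings for static PAT / ACL lines in the thread's syntax."""
    statics, acls, bound = [], [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append((int(m[1]), m[2], int(m[3])))
        elif m := ACL_RE.match(line):
            acls.append((m[1], m[2], int(m[3])))
        elif m := GROUP_RE.match(line):
            bound.add(m[1])
    findings = []
    # Only ACLs actually applied inbound on the outside interface count.
    live = [(dst, port) for name, dst, port in acls if name in bound]
    permitted = {port for _, port in live}
    forwarded = [ext for ext, _, _ in statics]
    for ext, host, real in statics:
        if forwarded.count(ext) > 1:
            findings.append(f"port {ext}: external port reused by more than one static")
        if ext not in permitted:
            findings.append(f"port {ext}: forwarded to {host}:{real} but no applied ACL permits it")
    for dst, port in live:
        if dst == "any":
            findings.append(f"port {port}: destination 'any' is broader than 'interface outside'")
        if port not in forwarded:
            findings.append(f"port {port}: permitted but no static forwards it")
    return sorted(set(findings))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
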