?
Solved

Cisco ASA 5505 - Setting Up NAT's Port Forwarding

Posted on 2011-03-08
5
Medium Priority
?
1,540 Views
Last Modified: 2012-05-11
What I require is a few ports opening up on my Cisco ASA 5505 and them port forwarding to internal local IP addresses

I have attached my running config so you can see what I currently have.

For Example the ports I require are as follows:

Service we can calll "Vuze" this needs to allow TCP port 42270 & UDP 42271 to internal IP address 192.168.1.100

Service we can call "AXIS Camera" this needs to allow TCP port 81 to internal IP address 192.168.1.101

Please can you tell me what needs to be added to my current config to achieve this
Experts-Exchange-Config.txt
0
Comment
Question by:Robert_Rayworth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 6

Expert Comment

by:gcl_hk
ID: 35078171
Try Try

access-list outside_in permit tcp any interface outside eq 42270
access-list outside_in permit udp any interface outside eq 42271
access-list outside_in permit tcp any interface outside eq 81

static (inside,outside) tcp interface 42270 192.168.1.100 42270 netmask 255.255.255.255
static (inside,outside) udp interface 42271 192.168.1.100 42271 netmask 255.255.255.255
static (inside,outside) tcp interface 81 192.168.1.100 81 netmask 255.255.255.255



0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35079527
this line is need, but the static command not working on 8.3

access-list outside_in permit tcp any interface outside eq 42270
access-list outside_in permit udp any interface outside eq 42271
access-list outside_in permit tcp any interface outside eq 81

so you need:

hostname(config)# object network my-server
hostname(config-network-object)# host 192.168.1.100
hostname(config-network-object)# nat (inside,outside) static interface service tcp 42270 42270
hostname(config-network-object)# nat (inside,outside) static interface service tcp 42271 42271
hostname(config-network-object)# nat (inside,outside) static interface service tcp 81 81
0
 

Author Comment

by:Robert_Rayworth
ID: 35086982
ikalmar you were right in thinking about the version of IOS as I am currently on ASA version 8.3(1) with ASDM version 6.3(1)

Something I want to know can I call the service or object-network by a friendly name so I can easily identifiy it

I wanted AXIS Camera for one name and Vuze for the other could you be a bit more specific
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 1000 total points
ID: 35091809
you need to create individual object groups with static nat

hostname(config)# object network Vuze
hostname(config-network-object)# host 192.168.1.100
hostname(config-network-object)# nat (inside,outside) static interface service tcp 42270 42270
hostname(config-network-object)# nat (inside,outside) static interface service tcp 42271 42271


hostname(config)# object network AXIS
hostname(config-network-object)# host 192.168.1.101
hostname(config-network-object)# nat (inside,outside) static interface service tcp 81 81
0
 

Author Comment

by:Robert_Rayworth
ID: 35137822
Sorry for the late reply we had a family death which we needed to attend
Thanks for the response ikalmar
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question