How to configure the port-forwarding in ASA 5520?

Posted on 2011-10-13
Last Modified: 2012-05-12
This is using Cisco ASA 5520 firewall. Currently, an exchange server is configure to port-forwarding for www, https, pop3, smtp,etc with public IP - x.x.x.c for exchange server - serverc. Now I set up a ftp server in serverb, and wanted to port-forwarding to public ip - x.x.x.e, how to do it?

Thanks in advance...
Question by:MezzutOzil
    LVL 35

    Accepted Solution

    I think something like:

    object network Servere
     host 10.170.32.x
    object network PublicIP-x.x.x.e(ftp)
     host x.x.x.e
    object-group service ftpServicesGroup
     service-object tcp destination eq wftp
    object-group network DM_INLINE_NETWORK_2
     network-object object PublicIP-x.x.x.e(ftp)
     network-object object Servere
    access-list outside_access_in extended permit object-group ftpServicesGroup any object-group DM_INLINE_NETWORK_2
    nat (inside,outside) source static Servere PublicIP-x.x.x.e(ftp) service ftp ftp
    LVL 35

    Expert Comment

    by:Ernie Beek
    Oops, typo, should be:

    object-group service ftpServicesGroup
     service-object tcp destination eq ftp

    Author Comment

    Hi erniebeek,

    Thanks for the command. Just wondering can I apply the same thing through GUi?

    Author Comment

    Hi erniebeek,

    Pls see the latest configuration file. Ftp service still not able to access from the Internet...

    Author Comment

    Add in:

     nat (inside,outside) source static serverb PublicIP-x.x.x.c(ftp) dns

    And it works

    Author Closing Comment

    Thanks you very much, erniebeek.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    export data from ASA 5 44
    Cisco ASA5505 problems 24 43
    L2/L3 Switch configuration 4 94
    AnyConnect 3 45
    When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
    From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now