
I need a step by step guide on how to port forward on port 8080 on a Cisco ASA 5510

Posted on 2011-10-28
Last Modified: 2012-05-12
I need a step by step guide on how to port forward on port 8080 on a Cisco ASA 5510. I am only a beginner in Cisco OS but can follow step-by-step instructions very well.
Question by:obSupport
11 Comments
 

Expert Comment

by:bobbymunger
ID: 37047021
The way I have seen this done is through NAT. Assuming you are using NAT, here are Cisco documents on how to forward ports through the firewall to your internal network.

You are going to look at the part for "Port Redirection (Forwarding)"

ASA version 8.2:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080b80d74.shtml#forwarding

ASA version 7.x
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t11
0
 

Author Comment

by:obSupport
ID: 37047096
Instead of going through the GUI, which I can't download, are there also instructions for the COMMAND LINE interface?  ASA version 8.X
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37047213
Is it <8.3 or >=8.3 (different commands there)?
0

 

Expert Comment

by:bobbymunger
ID: 37047247
I believe the commands would be the same.

In between steps 3 and 4 it shows the command line equivalent to the GUI.

Their example is:
This is the equivalent CLI output:

!
static (inside,outside) TCP 209.165.200.15 smtp 172.16.11.15 smtp netmask 255.255.255.255
!

You would want to replace the ip addresses with yours and replace smtp with your port number 8080. I'm still assuming you are using NAT. Is that correct?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37047267
No way, a lot has changed from 8.3 on (especially regarding NAT). Do some reading: http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
Why do you think there is a migration guide?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37047277
@bobbymunger: that's the cool thing about EE. Even as an expert you can learn things here (I know I do ;)
0
 

Expert Comment

by:bobbymunger
ID: 37047337
Good catch. Unfortunately I do not have access to an ASA running 8.3 or I could do some testing of my own.

Skimming through the migration guide, they show examples on how to set up NAT within 8.3 and how things have changed along with some examples.

I can't help past this point, Sorry!
0
 

Author Comment

by:obSupport
ID: 37047455
It is 8.0 (4), and I am NOT using the NAT, just the command line.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37047508
Ok, no offense, but if you don't know the difference between nat and cli we need to be very careful in guiding you.

So you need to forward a port. Do tell us from what ip (that might be partially masked) to what ip you want to forward it. I'm sure we can help you then.
0
 

Author Comment

by:obSupport
ID: 37047828
Need some instruction like this, except with the following inserted.  Sorry for being the newb.

I need to forward 207.238.123.456:8080 to 10.20.10.61.  The port is 8080, and the http IP address is 207.238.123.456.  The internal IP I want it redirected to is 10.20.10.61.  I want anyone on the outside to be able to access it.  Please see the pic included, just a little confused on how exactly to insert it so it's easy like the instructions in the picture.
firewall-1.JPG
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 37047917
No problems being the newb. If we don't have them, there will be no future experts ;)

So let's try the following:

After the enable and conf t stuff, we can get to work. Add the following:

static (inside,outside) tcp 207.238.123.456 8080 10.20.10.61 8080 netmask 255.255.255.255
access-list outside permit tcp any host 207.238.123.456 eq 8080
access-group outside in interface outside


That should do the trick.

A few assumptions here:
1: your inside and outside interfaces are named 'inside' and 'outside' (default, but you never know).
2: you don't have an outside access list or you do and it is named 'outside' (otherwise change the name to the access list name you already have).
3: the inside machine is accepting connections on port 8080
4: if you get complaints from the ASA when putting in the 'static' command (about being used on the outside interface), you might want to try: static (inside,outside) tcp interface 8080 10.20.10.61 8080 netmask 255.255.255.255

Of course, if that works for you, don't forget the 'wr mem'
0
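
Checks to run around the accepted configuration on 8.0(4), followed by the same forward in the 8.3-and-later syntax that the earlier comments refer to. This is an added example, not part of the original thread. 207.238.123.456 is the poster's masked public address; 198.51.100.10, source port 12345 and the object name FWD-8080 are constructed values for illustration.

```cisco
! --- 8.0(4), privileged EXEC: before applying the accepted answer ---
! An interface takes one ACL per direction. If a different ACL name is
! already bound inbound on 'outside', add the permit line to that ACL
! instead of binding a new one, or the existing rules stop applying.
show running-config access-group

! --- 8.0(4), privileged EXEC: after applying ---
! Confirm the static PAT entry and the permit line are present.
show running-config static
show access-list outside

! Simulate an outside client connecting to the public address on tcp/8080.
! The output walks through each phase (translation, ACL check) and ends
! with "Action: allow" or "Action: drop" plus the phase that dropped it.
packet-tracer input outside tcp 198.51.100.10 12345 207.238.123.456 8080 detailed

! After a real connection from outside: the hit counter on the permit
! line should increase and the translation should be listed.
show access-list outside | include 8080
show xlate

! --- 8.3 and later, config mode: equivalent forward ---
! NAT moves into a network object, and the interface ACL now matches the
! REAL (inside) address instead of the public one.
object network FWD-8080
 host 10.20.10.61
 nat (inside,outside) static 207.238.123.456 service tcp 8080 8080
!
access-list outside extended permit tcp any host 10.20.10.61 eq 8080
access-group outside in interface outside
```

The permit line uses `any` as the source, so tcp/8080 on 10.20.10.61 is reachable from the whole Internet; replace `any` with a source network if only known clients need access.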
