I need a step by step guide on how to port forward on port 8080 on a Cisco ASA 5510

I need a step by step guide on how to port forward on port 8080 on an Cisco ASA 5510.  I am only a beginner in Cisco OS but can follow step by steps very well.
obSupportAsked:
Who is Participating?
 
Ernie BeekExpertCommented:
No problems being the newb. If we don't have them, there will be no future experts ;)

So let's try the following:

After the enable and conf t stuff, we can get to work. Add the following:

static (inside,outside) tcp 207.238.123.456 8080 10.20.10.61 8080 netmask 255.255.255.255
access-list outside permit tcp any host 207.238.123.456 eq 8080
access-group outside in interface outside


That should do the trick.

A few assumptions here:
1: you're inside and outside interfaces are named 'inside' and 'outside' (default,but you never know).
2: you don't have an outside access list or you do and it is named 'outside' (otherwise change the name to the access list name you already have).
3: the inside machine is accepting connections on port 8080
4: if you get complaints from the asa when putting in the 'static' command (about being used on the outside interface), you might want to try: static (inside,outside) tcp interface 8080 10.20.10.61 8080 netmask 255.255.255.255

Of course, if that works for you, don't forget the 'wr mem'
0
 
bobbymungerCommented:
The way I have seen this done is through NAT. Assuming you are using NAT here are Cisco documents on how to forward ports through the firewall to your internal network.

You are going to look at the part for "Port Redirection (Forwarding)"

ASA version 8.2:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080b80d74.shtml#forwarding

ASA version 7.x
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t11
0
 
obSupportAuthor Commented:
instead of going through the GUI which I can't download, is there also instructions for the COMMAND LINE interface?  ASA version 8.X
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
Ernie BeekExpertCommented:
Is it <8.3 or >=8.3 (different commands there)?
0
 
bobbymungerCommented:
I believe the commands would be the same.

In between steps 3 and 4 it shows the command line equivalent to the GUI.

Their example is:
This is the equivalent CLI output:

!
static (inside,outside) TCP 209.165.200.15 smtp 172.16.11.15 smtp netmask
    255.255.255.255
!

You would want to replace the ip addresses with yours and replace smtp with your port number 8080. I'm still assuming you are using NAT. Is that correct?
0
 
Ernie BeekExpertCommented:
No way, from 8.3 there has changed a lot (especially regarding nat). Do some reading: http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
Why do you think there is a migration guide?
0
 
Ernie BeekExpertCommented:
@bobbymunger: that's the cool thing about EE. Even as an expert you can learn thing here (I know I do ;)
0
 
bobbymungerCommented:
Good catch. Unfortunately I do not have access to an ASA running 8.3 or I could do some testing of my own.

Skimming through the migration guide they show examples on how to setup NAT within 8.3 and how things have changed along with some examples.

I can't help past this point, Sorry!
0
 
obSupportAuthor Commented:
It is 8.0 (4), and I am NOT using the NAT, just the command line.
0
 
Ernie BeekExpertCommented:
Ok, no offense, but if you don't know the difference between nat and cli we need to be very careful in guiding you.

So you need to forward a port. Do tell us from what ip (that might be partially masked) to what ip you want to forward it. I'm sure we can help you then.
0
 
obSupportAuthor Commented:
Need some instruction like this, except with the following inserted.  Sorry for being the newb.

I need to forward 207.238.123.456:8080 to 10.20.10.61.  The port is 8080, and the http ip address is 207.238.123.456.  The internal IP i want it redirected to is 10.20.10.61.  I want anyone in the outside to be able to access it.  Please see the pic included, just a little confused on how exactly to insert it so its easy like the instructions in the picture.
firewall-1.JPG
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.