troubleshooting Question

Cleaning up Port Forwarding Rules

Avatar of Adeste
AdesteFlag for Canada asked on
Cisco
1 Comment1 Solution660 ViewsLast Modified:
I have a Cisco 5525-X firewall and I setup a number of port forwarding rules for an ISPConfig server.

What is the best practice when it comes to forwarding a number of random ports on a Cisco firewall? Is there a clean way to do it?

Here is my port forwarding configuration currently:
object network objISPConfig110
 host 172.23.25.15
object network objISPConfig143
 host 172.23.25.15
object network objISPConfig443
 host 172.23.25.15
object network objISPConfig587
 host 172.23.25.15
object network objISPConfig993
 host 172.23.25.15
object network objISPConfig995
 host 172.23.25.15
object network objISPConfig2525
 host 172.23.25.15
object network objISPConfig8080
 host 172.23.25.15
object network objISPConfig22
 host 172.23.25.15
object network objISPConfig53
 host 172.23.25.15
object network objISPConfig465
 host 172.23.25.15
object network objISPConfig20
 host 172.23.25.15
object network objISPConfig21
 host 172.23.25.15
object network objISPConfig25
 host 172.23.25.15
object network objISPConfig80
 host 172.23.25.15

access-list outside_access_in extended permit tcp any object objISPConfig20 eq ftp-data
access-list outside_access_in extended permit tcp any object objISPConfig21 eq ftp
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
access-list outside_access_in extended permit tcp any object objISPConfig80 eq www
access-list outside_access_in extended permit tcp any object objISPConfig110 eq pop3
access-list outside_access_in extended permit tcp any object objISPConfig143 eq imap4
access-list outside_access_in extended permit tcp any object objISPConfig587 eq 587
access-list outside_access_in extended permit tcp any object objISPConfig993 eq 993
access-list outside_access_in extended permit tcp any object objISPConfig995 eq 995
access-list outside_access_in extended permit tcp any object objISPConfig2525 eq 2525
access-list outside_access_in extended permit tcp any object objISPConfig8080 eq 8080
access-list outside_access_in extended permit tcp any object objISPConfig22 eq ssh
access-list outside_access_in extended permit tcp any object objISPConfig53 eq domain
access-list outside_access_in extended permit tcp any object objISPConfig465 eq 465
access-list outside_access_in extended permit tcp any object objISPConfig443 eq https
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
access-list outside_access_in extended permit tcp any object objISPConfig80 eq www
access-list outside_access_in extended permit tcp any object objISPConfig20 eq ftp-data
access-list outside_access_in extended permit tcp any object objISPConfig21 eq ftp

object network objISPConfig110
 nat (Internal,External) static 1.1.1.13 service tcp pop3 pop3
object network objISPConfig143
 nat (Internal,External) static 1.1.1.13 service tcp imap4 imap4
object network objISPConfig443
 nat (Internal,External) static 1.1.1.13 service tcp https https
object network objISPConfig587
 nat (Internal,External) static 1.1.1.13 service tcp 587 587
object network objISPConfig993
 nat (Internal,External) static 1.1.1.13 service tcp 993 993
object network objISPConfig995
 nat (Internal,External) static 1.1.1.13 service tcp 995 995
object network objISPConfig2525
 nat (Internal,External) static 1.1.1.13 service tcp 2525 2525
object network objISPConfig8080
 nat (Internal,External) static 1.1.1.13 service tcp 8080 8080
object network objISPConfig22
 nat (Internal,External) static 1.1.1.13 service tcp ssh ssh
object network objISPConfig53
 nat (Internal,External) static 1.1.1.13 service tcp domain domain
object network objISPConfig465
 nat (Internal,External) static 1.1.1.13 service tcp 465 465
object network objISPConfig20
 nat (Internal,External) static 1.1.1.13 service tcp ftp-data ftp-data
object network objISPConfig21
 nat (Internal,External) static 1.1.1.13 service tcp ftp ftp
object network objISPConfig25
 nat (Internal,External) static 1.1.1.13 service tcp smtp smtp
object network objISPConfig80
 nat (Internal,External) static 1.1.1.13 service tcp www www
ASKER CERTIFIED SOLUTION
rauenpc
Senior Network Speialist

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros