I have a Cisco 5525-X firewall and I set up a number of port forwarding rules for an ISPConfig server.
What is the best practice when it comes to forwarding a number of random ports on a Cisco firewall? Is there a clean way to do it?
Here is my port forwarding configuration currently:
object network objISPConfig110
 host 172.23.25.15
object network objISPConfig143
 host 172.23.25.15
object network objISPConfig443
 host 172.23.25.15
object network objISPConfig587
 host 172.23.25.15
object network objISPConfig993
 host 172.23.25.15
object network objISPConfig995
 host 172.23.25.15
object network objISPConfig2525
 host 172.23.25.15
object network objISPConfig8080
 host 172.23.25.15
object network objISPConfig22
 host 172.23.25.15
object network objISPConfig53
 host 172.23.25.15
object network objISPConfig465
 host 172.23.25.15
object network objISPConfig20
 host 172.23.25.15
object network objISPConfig21
 host 172.23.25.15
object network objISPConfig25
 host 172.23.25.15
object network objISPConfig80
 host 172.23.25.15
access-list outside_access_in extended permit tcp any object objISPConfig20 eq ftp-data
access-list outside_access_in extended permit tcp any object objISPConfig21 eq ftp
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
access-list outside_access_in extended permit tcp any object objISPConfig80 eq www
access-list outside_access_in extended permit tcp any object objISPConfig110 eq pop3
access-list outside_access_in extended permit tcp any object objISPConfig143 eq imap4
access-list outside_access_in extended permit tcp any object objISPConfig587 eq 587
access-list outside_access_in extended permit tcp any object objISPConfig993 eq 993
access-list outside_access_in extended permit tcp any object objISPConfig995 eq 995
access-list outside_access_in extended permit tcp any object objISPConfig2525 eq 2525
access-list outside_access_in extended permit tcp any object objISPConfig8080 eq 8080
access-list outside_access_in extended permit tcp any object objISPConfig22 eq ssh
access-list outside_access_in extended permit tcp any object objISPConfig53 eq domain
access-list outside_access_in extended permit tcp any object objISPConfig465 eq 465
access-list outside_access_in extended permit tcp any object objISPConfig443 eq https
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
access-list outside_access_in extended permit tcp any object objISPConfig80 eq www
access-list outside_access_in extended permit tcp any object objISPConfig20 eq ftp-data
access-list outside_access_in extended permit tcp any object objISPConfig21 eq ftp
object network objISPConfig110
 nat (Internal,External) static 1.1.1.13 service tcp pop3 pop3
object network objISPConfig143
 nat (Internal,External) static 1.1.1.13 service tcp imap4 imap4
object network objISPConfig443
 nat (Internal,External) static 1.1.1.13 service tcp https https
object network objISPConfig587
 nat (Internal,External) static 1.1.1.13 service tcp 587 587
object network objISPConfig993
 nat (Internal,External) static 1.1.1.13 service tcp 993 993
object network objISPConfig995
 nat (Internal,External) static 1.1.1.13 service tcp 995 995
object network objISPConfig2525
 nat (Internal,External) static 1.1.1.13 service tcp 2525 2525
object network objISPConfig8080
 nat (Internal,External) static 1.1.1.13 service tcp 8080 8080
object network objISPConfig22
 nat (Internal,External) static 1.1.1.13 service tcp ssh ssh
object network objISPConfig53
 nat (Internal,External) static 1.1.1.13 service tcp domain domain
object network objISPConfig465
 nat (Internal,External) static 1.1.1.13 service tcp 465 465
object network objISPConfig20
 nat (Internal,External) static 1.1.1.13 service tcp ftp-data ftp-data
object network objISPConfig21
 nat (Internal,External) static 1.1.1.13 service tcp ftp ftp
object network objISPConfig25
 nat (Internal,External) static 1.1.1.13 service tcp smtp smtp
object network objISPConfig80
 nat (Internal,External) static 1.1.1.13 service tcp www www
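
With one object, one ACE and one static PAT per port, the permit list and the translation list can drift apart. The following is an added example, not part of the original post: a Python check that cross-references the two and flags repeated ACEs. The function name `audit` is hypothetical, and the sample is an abbreviated, constructed excerpt of the listing above in which the translation for port 587 has been left out on purpose.

```python
import re
from collections import Counter

# Constructed, abbreviated sample based on the configuration in the post.
SAMPLE = """\
object network objISPConfig25
 host 172.23.25.15
object network objISPConfig80
 host 172.23.25.15
object network objISPConfig587
 host 172.23.25.15
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
access-list outside_access_in extended permit tcp any object objISPConfig80 eq www
access-list outside_access_in extended permit tcp any object objISPConfig587 eq 587
access-list outside_access_in extended permit tcp any object objISPConfig25 eq smtp
object network objISPConfig25
 nat (Internal,External) static 1.1.1.13 service tcp smtp smtp
object network objISPConfig80
 nat (Internal,External) static 1.1.1.13 service tcp www www
"""

ACE = re.compile(r"^access-list (\S+) extended permit tcp any object (\S+) eq (\S+)$")
OBJ = re.compile(r"^object network (\S+)$")
NAT = re.compile(r"^nat \(\S+\) static \S+ service tcp (\S+) (\S+)$")

def audit(config):
    """Return (duplicate ACEs, permits with no static PAT, static PATs with no permit)."""
    aces, pats, current = Counter(), set(), None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate indented or flattened sub-commands
        if m := OBJ.match(line):
            current = m.group(1)
        elif (m := NAT.match(line)) and current:
            # First port is the real port, which the ACL matches on ASA 8.3+.
            pats.add((current, m.group(1)))
        elif m := ACE.match(line):
            aces[(m.group(2), m.group(3))] += 1
            current = None
    dupes = sorted(k for k, n in aces.items() if n > 1)
    return dupes, sorted(set(aces) - pats), sorted(pats - set(aces))

if __name__ == "__main__":
    dupes, no_pat, no_ace = audit(SAMPLE)
    print("duplicate ACEs:", dupes)
    print("permitted but not translated:", no_pat)
    print("translated but not permitted:", no_ace)
```

Run against the full listing in the post, it reports the second smtp, www, ftp-data and ftp permits as duplicates and finds no permit/translation mismatches.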