desiredforsome
asked on
Cisco ASA Pre 8.3 Port Forward
I am trying to port forward port 5060 on IP 1.2.3.4 to internal IP 192.168.0.6.
I have tried everything with no luck:
static (inside,outside) udp 192.168.0.6 5060 1.2.3.4 5060
Then I tried adding to the access-list cap:
access-list cap extended permit udp any host 1.2.3.4 eq sip
Did wr m and nothing, cannot get the port opened.
This is a 5505 ASA with base license.
Thanks
ASKER
I get ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
Yeah, didn't know it was the interface IP. In that case you would do this:
static (inside,outside) udp interface 5060 192.168.0.6 5060
ASKER
So I have 1 public IP that I need to map to multiple internal IPs,
for instance port 80 goes to 5.6.7.8,
port 5060 goes to 7.8.9.9,
all from when IP 1.2.3.4 gets hit.
ASKER
Does the ASA with pre 8.3 support mapping 1 public IP to multiple internal hosts?
Yes, you can do that with port mapping.
So you could have:
static (inside,outside) udp interface 5060 192.168.0.6 5060
static (inside,outside) tcp interface 80 192.168.0.7 80
static (inside,outside) tcp interface 22 192.168.0.200 22
ASKER
I put it in; my port still shows closed. I have the access-list set up but still no go.
access-list cap extended permit udp any host 1.2.3.4 eq sip
Well, SIP is a special protocol and there might be an application inspection rule in your default policy map at the bottom of your config. As long as your access-list is applied to the outside interface it looks right. Test something going to a different port first before you worry about SIP.
ASKER
It is working; it looks like it is only open when using it.
Is there a way to open a range?
I have RTP ports I need to open.
>>Is there a way to open a range?
Not if you are port forwarding.
Pete
static (inside,outside) udp 1.2.3.4 5060 192.168.0.6 5060
So that is what I see is not right at the moment.
Make sure you issue clear xlate after entering this command.
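
An added example, not posted by anyone in this thread: a small Python check that reads a pre-8.3 configuration and flags the problems discussed above (mapped and real addresses reversed, the interface IP used instead of the 'interface' keyword, no access-list bound to the outside interface, no permit for a forwarded port). The config fragment, the audit function and the access-group line are constructed for illustration.

```python
import re

# Constructed pre-8.3 config built from commands quoted in this thread.
SAMPLE = """\
static (inside,outside) udp 192.168.0.6 5060 1.2.3.4 5060
static (inside,outside) udp 1.2.3.4 5060 192.168.0.6 5060
static (inside,outside) udp interface 5060 192.168.0.6 5060
static (inside,outside) tcp interface 80 192.168.0.7 80
access-list cap extended permit udp any host 1.2.3.4 eq sip
access-group cap in interface outside
"""

PORTS = {"sip": "5060", "www": "80", "ssh": "22"}  # ASA port keywords (subset)
STATIC = re.compile(r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACE = re.compile(r"access-list (\S+) extended permit (tcp|udp) any "
                 r"(?:host (\S+)|interface (\w+)) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\w+)")

def audit(config, outside_ip):
    """Return (line, finding) pairs for static PAT entries in a pre-8.3 config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = {m[2]: m[1] for m in map(GROUP.match, lines) if m}  # interface -> ACL
    permits = set()
    for m in filter(None, map(ACE.match, lines)):
        acl, proto, host, ifc, port = m.groups()
        # Pre-8.3 ACLs match the mapped (public) address, not the real one.
        if host == outside_ip or bound.get(ifc) == acl:
            permits.add((acl, proto, PORTS.get(port, port)))
    findings = []
    for line in lines:
        m = STATIC.match(line)
        if not m:
            continue
        real_if, mapped_if, proto, mapped, mport, real, rport = m.groups()
        if real == outside_ip:
            findings.append((line, "mapped and real addresses are reversed"))
        elif mapped == outside_ip:
            findings.append((line, "use the 'interface' keyword for the interface IP"))
        elif mapped_if not in bound:
            findings.append((line, f"no access-group bound to {mapped_if}"))
        elif (bound[mapped_if], proto, PORTS.get(mport, mport)) not in permits:
            findings.append((line, f"ACL {bound[mapped_if]} has no permit for {proto}/{mport}"))
    return findings

if __name__ == "__main__":
    for line, why in audit(SAMPLE, "1.2.3.4"):
        print(f"{why}: {line}")
```

A static entry with no finding still exposes the inside host on that port to every source the access-list permits, so each permit is worth reviewing for an "any" source.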