Cisco ASA Pre 8.3 Port Forward

I am trying to port forward port 5060 on IP 1.2.3.4 to internal IP 192.168.0.6.

I have tried everything with no luck

static (inside,outside) udp 192.168.0.6 5060 1.2.3.4 5060

Then I tried adding to the access-list cap

access-list cap extended permit udp any host 1.2.3.4 eq sip

Did wr m and nothing; cannot get the port opened.

This is a 5505 ASA with base license.


Thanks
Asked by: desiredforsome

Ken Boone (Network Consultant) commented:
So your static is backwards..

static (inside,outside) udp 1.2.3.4 5060 192.168.0.6 5060

So that is what i see is not right at the moment.

Make sure you issue clear xlate after entering this command.
desiredforsome (Author) commented:
I get ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
Ken Boone (Network Consultant) commented:
Yea didn't know it was the interface ip.. in that case you would do this:

static (inside,outside) udp interface 5060 192.168.0.6 5060

desiredforsome (Author) commented:
So I have 1 public IP that I need to map to multiple internal IPs,

for instance port 80 goes to 5.6.7.8
port 5060 goes to 7.8.9.9

all from when IP 1.2.3.4 gets hit.
desiredforsome (Author) commented:
Does the ASA with pre 8.3 support mapping 1 public IP to multiple internal hosts?
Ken Boone (Network Consultant) commented:
Yes you can do that with port mapping


So you could have:
static (inside,outside) udp interface 5060 192.168.0.6 5060
static (inside,outside) tcp interface 80 192.168.0.7 80
static (inside,outside) tcp interface 22 192.168.0.200 22
desiredforsome (Author) commented:
I put it in; my port still shows closed. I have the access-list set up but still no go.


access-list cap extended permit udp any host 1.2.3.4 eq sip
Ken Boone (Network Consultant) commented:
Well, SIP is a special protocol and there might be an application inspection rule in your default policy map at the bottom of your config. As long as your access-list is applied to the outside interface it looks right. Test something going to a different port first before you worry about SIP.
desiredforsome (Author) commented:
It is working where is only open when using it looks like.

Is there a way to open a range?

I have RTP ports I need to open.
Ken Boone (Network Consultant) commented:
Look at the bottom of your config  - do you see something like this?

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect icmp
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp

If yes, do you have an "inspect sip" rule? If not, add it.

Pete Long (Technical Consultant) commented:
>>Is there a way to open a range?

Not if you are port forwarding.


Pete
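
The two failure modes discussed in this thread (a static PAT line with the addresses in the wrong order, and a permit rule in an ACL that is not applied to the outside interface) can be checked offline against a saved pre-8.3 config. The following is an added example, not code from the thread or from Cisco; the ACL name outside_in, its access-group line, and the private-address heuristic for spotting a reversed static are assumptions.

```python
import ipaddress
import re

# Constructed sample: the first attempt from the thread (addresses reversed).
REVERSED = """\
static (inside,outside) udp 192.168.0.6 5060 1.2.3.4 5060
access-list cap extended permit udp any host 1.2.3.4 eq sip
"""
# Constructed sample: corrected static; the ACL name outside_in is an assumption.
FIXED = """\
static (inside,outside) udp interface 5060 192.168.0.6 5060
access-list outside_in extended permit udp any interface outside eq sip
access-group outside_in in interface outside
"""
# Pre-8.3 order: static (real_if,mapped_if) proto MAPPED mport REAL rport
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.M)
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp) (?:any|host \S+) "
    r"(?:host (\S+)|interface (\S+)) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
NAMED_PORTS = {"sip": "5060", "www": "80", "ssh": "22"}

def is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:  # the 'interface' keyword or a name
        return False

def lint(config):
    """Return findings for static PAT lines in a pre-8.3 ASA config."""
    findings = []
    bound = dict(GROUP_RE.findall(config))  # ACL name -> interface it guards
    acls = ACL_RE.findall(config)
    for _, mapped_if, proto, mapped, mport, real, _ in STATIC_RE.findall(config):
        # Heuristic: a private address in the mapped slot means the order is swapped.
        if is_private(mapped) and not is_private(real):
            findings.append(f"reversed static: {mapped} is private but sits "
                            "in the mapped (public) position")
            continue
        port = NAMED_PORTS.get(mport, mport)
        permitted = any(
            bound.get(name) == mapped_if and p == proto
            and NAMED_PORTS.get(eq, eq) == port
            and (host == mapped or ifc == mapped_if)
            for name, p, host, ifc, eq in acls)
        if not permitted:
            findings.append(f"no permit for {proto}/{port} in an ACL bound "
                            f"inbound on {mapped_if}")
    return findings
```

Calling lint(REVERSED) reports the swapped addresses and lint(FIXED) returns an empty list; a correctly ordered static whose permit lives in an ACL with no access-group line is reported as having no bound permit.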