Configuring port forwarding on Cisco 5515 ASDM v6.6

I am trying to create a port forwarder on a Cisco firewall, basically 216.x.x.39:46611 --> 10.10.3.7:9000

I have been trying different combinations and such for a couple of days and still can't get this to punch through. I know that 10.10.3.7:9000 works on the inside; I have tested it and it comes up.

So far this is what I have:
network objects
  h-webint      host    10.10.3.7
  h-webext      host    216.x.x.39

service objects
  h-web         tcp     dest (1-65535)    source 46611
  h-webtrans    tcp     dest 9000         source (1-65535)

Nat rule
  source int     any             destin interface   outside
  source addr    any             dest addr          h-webext
                                 service            h-web

  action: translated
  source nat     static          dest addr          h-webint
  source addr    --original--    service            --original--

access rule
  interface    outside
  permit
  source       any
  dest         h-webint
  service      h-webtran
Buffl Asked:

Pete Long, Technical Consultant, Commented:
I don't use the ASDM for this very reason - it bloats the config, creates a ton of objects, and makes the running config harder to read and troubleshoot. Are you sure you want port forwarding, i.e. is 216.x.x.39 the outside interface, and you want to forward 46611 outside to 9000 inside?

object network Internal_Server
host 10.10.3.7
nat (inside,outside) static interface service tcp 46611 9000
access-list inbound permit tcp any object Internal_Server eq 46611
access-group inbound in interface outside

Assuming your inbound ACL is called inbound and your interfaces are called inside and outside.

If your public IP is not the outside interface, i.e. just another free IP, then the config would look like this instead:

object network Internal_Server
host 10.10.3.7
nat (inside,outside) static host  216.x.x.39 tcp 46611 9000
access-list inbound permit tcp any object Internal_Server eq 46611
access-group inbound in interface outside


Regards


Pete

Buffl, Author, Commented:
OK, I think I am following you; my command line ability is worse than my ASDM.

So, my outside interface is called TWC, and yes, I am using a free IP from my pool of IPs.

I am trying what you posted, but I am getting an error message:
Cisco>enable
password
Cisco# configure terminal
cisco(config)# object network internal_server
cisco(config-network-object)#   host 10.10.3.7
I am getting an error message with the next command
cisco(config-network-object)#  nat(inside,outside) static host 216.x.x.39 46611 900
Error %invalid input detect at marker and the marker is the open (

As I said my command line knowledge is not great, I have tried backing up levels and I still get the same error.
Pete Long, Technical Consultant, Commented:
Are your inside and outside interfaces called inside and outside?
Buffl, Author, Commented:
So I changed the line to
nat (nas-main,twtc) static host 216.x.x.39 tcp 46611 9000

and now the pointer is saying error at the first number of the IP address.
Pete Long, Technical Consultant, Commented:
nat (nas-main,twtc) static 216.x.x.39 tcp 46611 9000
Buffl, Author, Commented:
This is becoming a tragedy.

I entered your command and the error marker moved to tcp now:

cisco(config-network-object)#  nat (nas-main,twtc) static 216.x.x.39  tcp 46611 9000

I promise I am typing in what you are telling me to, I even retyped it twice
Pete Long, Technical Consultant, Commented:
:) If in doubt, go to where the error is and type ?

The keyword 'service' needs entering:

nat (nas-main,twtc) static 216.x.x.39 service  tcp 46611 9000


Pete
Buffl, Author, Commented:
That fixed the command problems, but I am still unable to access the internal server from the outside. It occurred to me, maybe the problem is the URL I am using, https://216.x.x.39:46611.
Could it be the https?

So, I set up a 1 to 1 NAT just trying to access the internal server via https on standard ports and I am able to do so; I just can't get the port 46611 to connect.

Suggestions?
Buffl, Author, Commented:
I ran into some overall problems with the router and will resubmit this question after they are resolved.

thanks
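
Added example (not written by any participant in this thread): a small Python check that parses an ASA object-NAT port forward and the matching access-list entry, then compares them with the intended forward (outside 46611 to 10.10.3.7:9000). It assumes ASA 8.3 or later, where the object NAT syntax is `service {tcp|udp} real_port mapped_port` and an ACL applied to the outside interface matches the real (inside) address and port; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed input: the commands the thread ended up with (address masked as on the page).
AS_POSTED = """\
object network Internal_Server
 host 10.10.3.7
 nat (nas-main,twtc) static 216.x.x.39 service tcp 46611 9000
access-list inbound permit tcp any object Internal_Server eq 46611
"""
# Constructed variant with the port order and ACL port the checker expects.
EXPECTED = AS_POSTED.replace("tcp 46611 9000", "tcp 9000 46611").replace("eq 46611", "eq 9000")

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) static (\S+) service (tcp|udp) (\d+) (\d+)")
ACL_RE = re.compile(r"access-list (\S+) permit (tcp|udp) any object (\S+) eq (\d+)")

def parse(config):
    """Return ({object: {'host', 'nat'}}, [(acl, proto, object, port)])."""
    objects, acls, current = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            current = objects.setdefault(line.split()[2], {})
        elif line.startswith("host ") and current is not None:
            current["host"] = line.split()[1]
        elif (m := NAT_RE.match(line)) and current is not None:
            # Object NAT syntax: service {tcp|udp} real_port mapped_port
            current["nat"] = {"proto": m[4], "real": int(m[5]), "mapped": int(m[6])}
        elif m := ACL_RE.match(line):
            acls.append((m[1], m[2], m[3], int(m[4])))
    return objects, acls

def check_forward(config, inside_ip, inside_port, outside_port):
    """List mismatches between the config and the intended port forward."""
    objects, acls = parse(config)
    findings = []
    for name, obj in objects.items():
        nat = obj.get("nat")
        if obj.get("host") != inside_ip or nat is None:
            continue
        if (nat["real"], nat["mapped"]) != (inside_port, outside_port):
            findings.append(f"{name}: nat service ports are real={nat['real']} "
                            f"mapped={nat['mapped']}, expected {inside_port} {outside_port}")
        if not any(o == name and p == inside_port and pr == nat["proto"] for _, pr, o, p in acls):
            findings.append(f"{name}: no ACL entry permits {nat['proto']} to real port {inside_port}")
    return findings
```

On the ASA itself, `packet-tracer` can confirm which NAT rule and ACL entry an inbound connection to port 46611 actually hits.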