Link to home
Start Free TrialLog in
Avatar of Buffl
Buffl

asked on

configuring port forwarding on Cisco 5515 adsm v6.6

I am trying to create a port forwarder on a cisco firewall, basically    216.x.x.39:46611  -->10.10.3.7:9000

I have been trying different combinations and such for a couple of days and still can't get this to punch through.  I know that 10.10.3.7:9000 works on the inside, I have tested it and it comes up

so far this is what I have
network objects

h-webint  host   10.10.3.7
h-webext host    216.x.x.39

service objects
h-web                tcp            dest (1-65535)           source 46611
h-webtrans       tcp            dest  9000                  source (1-65535)

Nat rule
source int         any                                         destin interface  outside
source addr      any                                         dest   addr           h-webext
                                                                           service                  h-web

action:translated
source  nat            static                                  dest addr              h-webint
source addr           --original--                         service                   --original--

access rule
interface         outside
permit
source             any
dest                  h-webint
service              h-webtran
ASKER CERTIFIED SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Buffl
Buffl

ASKER

ok, I think I am following you, my command line ability is worse than my adsm.

So, my outside interface is called TWC and yes I am using a free ip from my pool of ips

I am trying what you posted, but I am getting an error message
Cisco>enable
password
Cisco# configure terminal
cisco(config)# object network internal_server
cisco(config-network-object)#   host 10.10.3.7
I am getting an error message with the next command
cisco(config-network-object)#  nat(inside,outside) static host 216.x.x.39 46611 900
Error %invalid input detect at marker and the marker is the open (

As I said my command line knowledge is not great, I have tried backing up levels and I still get the same error.
are your inside and outside interfaces called inside and outside?
Avatar of Buffl

ASKER

so I changed the line to
nat (nas-main,twtc) static host 216.x.x.39 tcp 46611 9000

and now the pointer is saying error at the first number of the IP address
nat (nas-main,twtc) static 216.x.x.39 tcp 46611 9000
Avatar of Buffl

ASKER

this is becoming a tragedy.

I entered your command and it the error marker moved to tcp now

cisco(config-network-object)#  nat (nas-main,twtc) static 216.x.x.39  tcp 46611 9000

I promise I am typing in what you are telling me to, I even retyped it twice
:) If I doubt go to where the error is and type ?

the keyword 'service' needs entering.....

nat (nas-main,twtc) static 216.x.x.39 service  tcp 46611 9000


Pete
Avatar of Buffl

ASKER

that fixed the command problems but I am still unable to access the internal server from the outside.  It occurred to me, maybe the problem is the url I am using  https://216.x.x.39:46611.
Could it be the https?

so, I setup a 1 to 1 nat just trying to access the internal server via https on standard ports and I am able to do so, I just can't get the port 46611 to connect.

suggestions?
Avatar of Buffl

ASKER

I ran into some overall problems with the router and will re submit this question after they are resolved

thanks