Buffl
 asked on

Configuring port forwarding on Cisco 5515 ASDM v6.6

I am trying to create a port forwarder on a Cisco firewall, basically 216.x.x.39:46611 --> 10.10.3.7:9000

I have been trying different combinations and such for a couple of days and still can't get this to punch through. I know that 10.10.3.7:9000 works on the inside; I have tested it and it comes up.

So far this is what I have:

Network objects
  h-webint      host    10.10.3.7
  h-webext      host    216.x.x.39

Service objects
  h-web         tcp     dest (1-65535)    source 46611
  h-webtrans    tcp     dest 9000         source (1-65535)

NAT rule
  source int     any             destin interface    outside
  source addr    any             dest addr           h-webext
                                 service             h-web

  action: translated
  source nat     static          dest addr           h-webint
  source addr    --original--    service             --original--

Access rule
  interface    outside
  permit
  source       any
  dest         h-webint
  service      h-webtran

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Pete Long

Buffl

ASKER
OK, I think I am following you; my command line ability is worse than my ASDM.

So, my outside interface is called TWC, and yes, I am using a free IP from my pool of IPs.

I am trying what you posted, but I am getting an error message:
Cisco>enable
password
Cisco# configure terminal
cisco(config)# object network internal_server
cisco(config-network-object)#   host 10.10.3.7
I am getting an error message with the next command:
cisco(config-network-object)#  nat(inside,outside) static host 216.x.x.39 46611 900
Error %invalid input detected at marker, and the marker is the open (

As I said my command line knowledge is not great, I have tried backing up levels and I still get the same error.
Pete Long

Are your inside and outside interfaces called inside and outside?
Buffl

ASKER
So I changed the line to
nat (nas-main,twtc) static host 216.x.x.39 tcp 46611 9000

and now the pointer is saying error at the first number of the IP address.
Pete Long

nat (nas-main,twtc) static 216.x.x.39 tcp 46611 9000
Buffl

ASKER
This is becoming a tragedy.

I entered your command and the error marker moved to tcp now.

cisco(config-network-object)#  nat (nas-main,twtc) static 216.x.x.39  tcp 46611 9000

I promise I am typing in what you are telling me to; I even retyped it twice.
Pete Long

:) If in doubt, go to where the error is and type ?

The keyword 'service' needs entering.....

nat (nas-main,twtc) static 216.x.x.39 service  tcp 46611 9000


Pete
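
For reference, an added example (not from any poster in this thread): in ASA 8.3+ object NAT, `service tcp` takes the real (inside) port first and the mapped (outside) port second, so forwarding 216.x.x.39:46611 to 10.10.3.7:9000 is written with 9000 before 46611. The interface names nas-main and twtc and the object name internal_server come from the thread; the ACL name OUTSIDE_IN, the test source 198.51.100.10 and the `<mapped-ip>` placeholder (standing in for the redacted 216.x.x.39) are assumptions.

```cisco
! Object NAT with static port translation (ASA 8.3 and later).
! Syntax: nat (real_ifc,mapped_ifc) static mapped_ip service tcp real_port mapped_port
object network internal_server
 host 10.10.3.7
 ! real port 9000 on the server, mapped port 46611 on the public address
 nat (nas-main,twtc) static <mapped-ip> service tcp 9000 46611
!
! From 8.3 on, interface ACLs match the real (untranslated) address and port,
! so the permit names 10.10.3.7 port 9000, not the public IP or port 46611.
! OUTSIDE_IN is a hypothetical ACL name. If an ACL is already bound inbound on
! twtc, add the permit line to that ACL instead: access-group replaces the
! existing binding for that interface and direction.
access-list OUTSIDE_IN extended permit tcp any host 10.10.3.7 eq 9000
access-group OUTSIDE_IN in interface twtc
!
! Verification from privileged EXEC.
! Simulate an inbound connection to the public address and mapped port. The
! UN-NAT phase should show the destination rewritten to 10.10.3.7/9000 and the
! final result should be "Action: allow". A drop in the ACCESS-LIST phase
! points at the ACL, a missing UN-NAT phase points at the NAT rule.
packet-tracer input twtc tcp 198.51.100.10 12345 <mapped-ip> 46611
!
! Confirm the rule exists and watch its translate/untranslate hit counters
! while testing from outside.
show nat detail
show xlate
```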
Buffl

ASKER
That fixed the command problems, but I am still unable to access the internal server from the outside. It occurred to me, maybe the problem is the URL I am using: https://216.x.x.39:46611.
Could it be the https?

So, I set up a 1 to 1 NAT just trying to access the internal server via https on standard ports and I am able to do so; I just can't get the port 46611 to connect.

Suggestions?
Buffl

ASKER
I ran into some overall problems with the router and will resubmit this question after they are resolved.

Thanks