We help IT Professionals succeed at work.
Get Started

Cisco ASA 5505 Post 8.3 Port Forwarding

156 Views
Last Modified: 2016-05-17
Previously to 8.3 I would setup my port forwards as it looks below.

static (inside,outside) tcp interface smtp 192.168.1.2 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.1.2 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 2222 192.168.1.253 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 4443 192.168.1.253 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.29 3389 netmask 255.255.255.255

access-list outsideINGRESS extended permit tcp host PUBLICIP interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
access-list outsideINGRESS extended permit tcp any interface outside eq 4443
access-list outsideINGRESS extended permit tcp any interface outside eq 2222
access-list outsideINGRESS extended permit tcp any interface outside eq 3389

-----------------

I cannot figure the correct configuration to port forward now in post 8.3. below is what my new configuration looks like. What am I doing wrong?

object network server
 nat (inside,outside) static 10.0.0.250 service tcp smtp smtp
object network servervpn
 nat (inside,outside) static 10.0.0.250 service tcp pptp pptp
object network serverhttps
 nat (inside,outside) static 10.0.0.250 service tcp https https
object network serverrww
 nat (inside,outside) static 10.0.0.250 service tcp 4125 4125
object network pca
 nat (inside,outside) static 10.0.0.99 service tcp pcanywhere-data pcanywhere-data

access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq 4125
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit tcp any interface outside eq 5632
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
Comment
Watch Question
Network Consultant
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 5 Answers and 14 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE