asked on
Cisco ASA 5505 Post 8.3 Port Forwarding
Previously to 8.3 I would setup my port forwards as it looks below.
static (inside,outside) tcp interface smtp 192.168.1.2 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.1.2 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 2222 192.168.1.253 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 4443 192.168.1.253 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.29 3389 netmask 255.255.255.255
access-list outsideINGRESS extended permit tcp host PUBLICIP interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
access-list outsideINGRESS extended permit tcp any interface outside eq 4443
access-list outsideINGRESS extended permit tcp any interface outside eq 2222
access-list outsideINGRESS extended permit tcp any interface outside eq 3389
-----------------
I cannot figure the correct configuration to port forward now in post 8.3. below is what my new configuration looks like. What am I doing wrong?
object network server
nat (inside,outside) static 10.0.0.250 service tcp smtp smtp
object network servervpn
nat (inside,outside) static 10.0.0.250 service tcp pptp pptp
object network serverhttps
nat (inside,outside) static 10.0.0.250 service tcp https https
object network serverrww
nat (inside,outside) static 10.0.0.250 service tcp 4125 4125
object network pca
nat (inside,outside) static 10.0.0.99 service tcp pcanywhere-data pcanywhere-data
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq 4125
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit tcp any interface outside eq 5632
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
static (inside,outside) tcp interface smtp 192.168.1.2 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.1.2 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 2222 192.168.1.253 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 4443 192.168.1.253 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.29 3389 netmask 255.255.255.255
access-list outsideINGRESS extended permit tcp host PUBLICIP interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
access-list outsideINGRESS extended permit tcp any interface outside eq 4443
access-list outsideINGRESS extended permit tcp any interface outside eq 2222
access-list outsideINGRESS extended permit tcp any interface outside eq 3389
-----------------
I cannot figure the correct configuration to port forward now in post 8.3. below is what my new configuration looks like. What am I doing wrong?
object network server
nat (inside,outside) static 10.0.0.250 service tcp smtp smtp
object network servervpn
nat (inside,outside) static 10.0.0.250 service tcp pptp pptp
object network serverhttps
nat (inside,outside) static 10.0.0.250 service tcp https https
object network serverrww
nat (inside,outside) static 10.0.0.250 service tcp 4125 4125
object network pca
nat (inside,outside) static 10.0.0.99 service tcp pcanywhere-data pcanywhere-data
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq 4125
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit tcp any interface outside eq 5632
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
Hardware FirewallsRoutersTCP/IPCiscoNetwork Management
Last Comment
Ken Boone