Cisco ASA 5505 Post 8.3 Port Forwarding

Asked by TechGuy_007
Topics: Hardware Firewalls, Routers, TCP/IP, Cisco, Network Management

Prior to 8.3 I would set up my port forwards as shown below.

static (inside,outside) tcp interface smtp 192.168.1.2 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.1.2 pptp netmask 255.255.255.255
static (inside,outside) tcp interface 2222 192.168.1.253 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 4443 192.168.1.253 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.29 3389 netmask 255.255.255.255

access-list outsideINGRESS extended permit tcp host PUBLICIP interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq pptp
access-list outsideINGRESS extended permit tcp any interface outside eq 4443
access-list outsideINGRESS extended permit tcp any interface outside eq 2222
access-list outsideINGRESS extended permit tcp any interface outside eq 3389

-----------------

I cannot figure out the correct configuration to port forward now in post-8.3. Below is what my new configuration looks like. What am I doing wrong?

object network server
 nat (inside,outside) static 10.0.0.250 service tcp smtp smtp
object network servervpn
 nat (inside,outside) static 10.0.0.250 service tcp pptp pptp
object network serverhttps
 nat (inside,outside) static 10.0.0.250 service tcp https https
object network serverrww
 nat (inside,outside) static 10.0.0.250 service tcp 4125 4125
object network pca
 nat (inside,outside) static 10.0.0.99 service tcp pcanywhere-data pcanywhere-data

access-list outsideINGRESS extended permit icmp any any echo-reply
access-list outsideINGRESS extended permit tcp any interface outside eq smtp
access-list outsideINGRESS extended permit tcp any interface outside eq 4125
access-list outsideINGRESS extended permit tcp any interface outside eq https
access-list outsideINGRESS extended permit tcp any interface outside eq 5632
access-list outsideINGRESS extended permit tcp any interface outside eq pptp

ASKER CERTIFIED SOLUTION
Ken Boone
Network Consultant
