Cisco ASA: port forwarding to different IP depending on client IP/subnet outside

Tags: access-control-list, cisco, cisco-asa, port-forwarding

I have Cisco ASA 8.2(5) and would like to configure port forwarding.

Cisco ASA has 2 interfaces:

outside with IP 192.168.57.2
inside with IP 192.168.1.1

I have two subnets reachable through outside interface:

192.168.17.0/24
192.168.18.0/24

And two subnets reachable through inside interface:

192.168.14.0/24
192.168.15.0/24

Now I would like to set up port forwarding so that the same port on the outside interface of the ASA is forwarded to different inside hosts, depending on the subnet of the client outside:

  1. If a client from one subnet connects from outside to the ASA on port 4000 (from 192.168.17.124 to 192.168.57.2:4000), I want to forward it to 192.168.14.5:3389.
  2. If a client from another subnet connects to the same port on the outside interface of the ASA (from 192.168.18.124 to 192.168.57.2:4000), I want to forward it to a host in another subnet (192.168.15.5:3389).

Is such configuration possible? How could I configure it?

P.S. My current configuration always forwards the port to the same IP, regardless of the client subnet:

object-group service OpenedPorts tcp-udp
 port-object eq 4000
 port-object eq 4002
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp

access-list outside_access_in extended permit object-group TCPUDP any any object-group OpenedPorts

access-group outside_access_in in interface outside

static (inside,outside) tcp interface 4000 192.168.14.5 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 4002 192.168.14.6 22 netmask 255.255.255.255
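One way to express what the question asks for on an 8.2(5) ASA is policy static NAT, where the translation is selected by an access list instead of a fixed mapping. The configuration below is an added example, not the asker's configuration and not the accepted answer; it assumes the pre-8.3 `static ... access-list` syntax, in which the ACL's "source" is the real inside host and port and its "destination" is the remote client network, and it assumes the ASA accepts two policy statics that share the mapped interface port when their ACLs differ. The ACL names `NAT_RDP_17` and `NAT_RDP_18` are invented for the example; the addresses are the ones from the question. It also replaces the asker's `any any` inbound permit with entries limited to the two client networks, since in this NAT model the outside ACL matches the mapped (interface) address and there is no reason to expose the port to other sources.

```cisco
! Added example, not the asker's or the accepted answer's configuration.
! Assumes pre-8.3 policy static NAT: ACL "source" = real inside host/port,
! ACL "destination" = outside client network. Verify against the 8.2
! command reference before deploying.

! Clients in 192.168.17.0/24 reaching outside:4000 -> 192.168.14.5:3389
access-list NAT_RDP_17 extended permit tcp host 192.168.14.5 eq 3389 192.168.17.0 255.255.255.0
static (inside,outside) tcp interface 4000 access-list NAT_RDP_17

! Clients in 192.168.18.0/24 reaching outside:4000 -> 192.168.15.5:3389
access-list NAT_RDP_18 extended permit tcp host 192.168.15.5 eq 3389 192.168.18.0 255.255.255.0
static (inside,outside) tcp interface 4000 access-list NAT_RDP_18

! The 4002 -> 192.168.14.6:22 forward from the question stays a plain static
static (inside,outside) tcp interface 4002 192.168.14.6 22 netmask 255.255.255.255

! Inbound ACL: remove the asker's any/any entry and permit only the two
! client networks to the mapped address (the outside interface IP)
no access-list outside_access_in extended permit object-group TCPUDP any any object-group OpenedPorts
access-list outside_access_in extended permit tcp 192.168.17.0 255.255.255.0 host 192.168.57.2 eq 4000
access-list outside_access_in extended permit tcp 192.168.18.0 255.255.255.0 host 192.168.57.2 eq 4000
access-list outside_access_in extended permit tcp any host 192.168.57.2 eq 4002
access-group outside_access_in in interface outside
```

After applying it, `show xlate` and `show nat` on the ASA are the places to confirm that a connection from each client network is untranslated to the intended inside host; a client from any other source network matches neither policy ACL nor the inbound ACL and is dropped.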

Best Answer

ASA added Policy Based Routing in 9.4(1), with a versatile list of settings you can apply to selected traffic:

From the release notes:

Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.

We introduced the following commands: set ip next-hop verify-availability, set ip next-hop, set ip next-hop recursive, set interface, set ip default next-hop, set default interface, set ip df, set ip dscp, policy-route route-map, show policy-route, debug policy-route