Cisco ASA – redirect a port on external interface to an internal server port

Tags: cisco, cisco-asa, networking

Using a Cisco ASA device with an external IP of 200.20.20.20 (interface OUTSIDE) and an internal subnet of 10.1.1.1/24 (interface INSIDE), how can I configure the ASA so that all traffic to a specific port on the external interface gets directed to an internal server (and the response is returned)?

For example, if an external user connects to 200.20.20.20:5000, I want it redirected to 10.1.1.27:8080.

Best Answer

To get this working you will need to set up a static NAT and add to the access-list to allow the traffic. (NAT happens before the access-list: see Details of Order of Operations.)

Static NAT

Static NATs on Cisco have always been weird (for me at least). The basic thing to remember is (HIGH,LOW) LOW, HIGH for this command.

static (inside,outside) tcp 200.20.20.20 5000 10.1.1.27 8080 netmask 255.255.255.255 0 0

ACLs

This ACL will need to be applied to whatever you have named the access-list attached to your OUTSIDE interface. (Change: outside_acl)

access-list outside_acl extended permit tcp any host 10.1.1.27 eq 8080

Disclaimer

Sorry I don't have my test ASA in front of me, but this should be very close.
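As an added example that is not part of the original answer: the same port forward written in the object-based NAT syntax that ASA 8.3 and later use (the `static` command above is the pre-8.3 form), together with the interface binding the ACL needs and the commands to verify the translation. The object name, the interface nameifs `inside`/`outside`, and the external client address used in `packet-tracer` are assumptions; the ACL name `outside_acl` is taken from the answer.

```cisco
! Added example (not from the original answer). Assumes interface nameifs
! "inside" / "outside" and the ACL name outside_acl; the object name is made up.
!
! ASA 8.3+ object NAT: map outside-interface TCP/5000 to 10.1.1.27 TCP/8080.
object network SRV-WEB-10.1.1.27
 host 10.1.1.27
 nat (inside,outside) static interface service tcp 8080 5000
!
! From 8.3 on, ACLs match the REAL (untranslated) address and port,
! so the rule names 10.1.1.27 / 8080 rather than 200.20.20.20 / 5000.
! Replace "any" with the source networks that actually need access where possible.
access-list outside_acl extended permit tcp any object SRV-WEB-10.1.1.27 eq 8080
!
! The ACL does nothing until it is bound to the interface.
access-group outside_acl in interface outside
!
! Verification: list the NAT rules and translations, then simulate an inbound
! connection (198.51.100.10 is a documentation address standing in for a client).
show nat detail
show xlate
packet-tracer input outside tcp 198.51.100.10 40000 200.20.20.20 5000
```

The `packet-tracer` output walks each phase (NAT, ACL, routing) and ends with ALLOW or DROP, which is the quickest way to spot a rule that references the wrong address for your software version.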