
Sunday, December 6, 2009

Configure Port Forwarding on Cisco ASA


This post shows how to forward a single port from the internet to a host on the internal network. You can create the static NAT and the access rule from the Cisco ASA GUI in a web browser or from Cisco ASDM, but for those who need to do it from the command line, here we go:
  1. First log in to the ASA through ssh or telnet and enter privileged mode with enable.
  2. Next enter configuration mode by running configure terminal.
  3. Execute the following commands (in this example we open HTTP port 80):
access-list outside_access_in extended permit tcp any interface outside eq 80
static (inside,outside) tcp interface 80 10.1.1.10 80 netmask 255.255.255.255
access-group outside_access_in in interface outside

Type exit to leave configuration mode.
Type write to save the changes to startup-config.
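
Once a forward like this is in place, it is worth checking the saved configuration for what is actually exposed. The following is an added example, not part of the original post: a small Python audit that parses the three command forms shown above (the pre-8.3 static syntax) and flags forwards open to any source, permits with no matching static, and ACLs never bound with access-group. The sample config, its extra 3389 rule, and the function names are constructed for illustration.

```python
import re
# Constructed sample: the post's three commands plus one stale permit (3389).
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any interface outside eq 80
access-list outside_access_in extended permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 80 10.1.1.10 80 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""
# The running-config prints some ports by name (80 appears as www); small subset only.
NAMED_PORTS = {"www": 80, "https": 443, "ssh": 22, "smtp": 25}
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) interface (\S+) eq (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\S+) "
                       r"(\S+) (\S+) netmask 255\.255\.255\.255$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def port(tok):
    """Normalise a port token so 'www' and '80' compare equal."""
    return str(NAMED_PORTS.get(tok, tok))

def audit(config):
    """Return findings about port forwards in ASA (pre-8.3) config text."""
    acls, statics, bound = set(), {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            name, proto, src, iface, p = m.groups()
            acls.add((name, iface, proto, port(p), src))
        elif m := STATIC_RE.match(line):
            _, mapped_if, proto, mp, host, rp = m.groups()
            statics[(mapped_if, proto, port(mp))] = (host, port(rp))
        elif m := GROUP_RE.match(line):
            bound.add(m.groups())  # (ACL name, interface)
    findings = []
    for name, iface, proto, p, src in sorted(acls):
        key = (iface, proto, p)
        if (name, iface) not in bound:
            findings.append(f"{name}: permit {proto}/{p} is not applied to {iface}")
        elif key not in statics:
            findings.append(f"{name}: permit {proto}/{p} on {iface} has no static translation")
        elif src == "any":
            host, rp = statics[key]
            findings.append(f"{name}: {proto}/{p} on {iface} open to any source -> {host}:{rp}")
    permitted = {(i, pr, p) for n, i, pr, p, _ in acls if (n, i) in bound}
    for key, (host, rp) in sorted(statics.items()):
        if key not in permitted:
            findings.append(f"static {key[1]}/{key[2]} -> {host}:{rp} has no bound permit")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Feed it the relevant lines from show running-config; a permit reported as having no static translation is a stale rule that would silently go live if a matching static were added later.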

1 comment:

  1. Thanks man, finally a simple solution. This works fine. What if we want to access this outside port from inside addresses too? For example, from IP address 10.1.1.201 using serverdnsname that translates to outside IP and then to port forward it back to LAN IP. That way we can use the same DNS name for LAN/WAN usage. What access list should be modified?
