Sunday, December 6, 2009

Configure Port Forwarding on Cisco ASA

This post shows how to forward a single port from the internet to a host on the internal network. You can easily use the Cisco ASA Appliance GUI through a web browser or Cisco ASDM to create a static NAT and an access rule, but for those who need to do it from the command line, here we go:
  1. First log in to your ASA through ssh or telnet and enter privileged mode with enable.
  2. Next go to configuration mode by running configure terminal.
  3. Execute the following commands (in this example we open HTTP port 80). Replace <internal-server-ip> with the inside address of the server that should receive the traffic:
access-list outside_access_in extended permit tcp any interface outside eq 80
static (inside,outside) tcp interface 80 <internal-server-ip> 80 netmask 255.255.255.255
access-group outside_access_in in interface outside

Type exit to leave configuration mode.
Type write to save the changes to startup-config.
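
To review which forwards a configuration like the one above actually exposes, and to whom, the following added example (not part of the original post) correlates the static, access-list and access-group lines. The sample config and its addresses are constructed, and the parser only understands the exact command forms shown in this post.

```python
import re

# Constructed sample in the syntax used in this post; all addresses are made up.
SAMPLE = """\
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp host 198.51.100.7 interface outside eq 3389
static (inside,outside) tcp interface www 10.0.0.10 www netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.0.0.20 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 8443 10.0.0.30 https netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

# The ASA prints some well-known ports by name in the running config.
NAMED = {"www": 80, "https": 443, "ssh": 22, "telnet": 23, "smtp": 25, "ftp": 21}
ACL = re.compile(r"access-list (\S+) extended permit tcp (any|host \S+|\S+ \S+) "
                 r"interface (\S+) eq (\S+)")
STATIC = re.compile(r"static \((\S+),(\S+)\) tcp interface (\S+) (\S+) (\S+) netmask \S+")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def port(tok):
    return NAMED[tok] if tok in NAMED else int(tok)

def audit(config):
    """Return one finding per static port forward found in config."""
    acls, bound, forwards = [], {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL.match(line):
            acls.append((m[1], m[2], m[3], port(m[4])))
        elif m := STATIC.match(line):
            forwards.append((m[2], port(m[3]), m[4], port(m[5])))
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]  # interface -> ACL applied inbound
    findings = []
    for ifc, mport, real_ip, rport in forwards:
        # Only ACL entries bound inbound on the mapped interface count.
        sources = [src for name, src, aifc, p in acls
                   if aifc == ifc and p == mport and bound.get(ifc) == name]
        status = ("no-matching-permit" if not sources
                  else "open-to-any" if "any" in sources else "restricted")
        findings.append({"interface": ifc, "port": mport,
                         "target": f"{real_ip}:{rport}",
                         "sources": sources, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

A status of open-to-any marks a forward reachable from every source address, which is what the permit tcp any line in step 3 creates; no-matching-permit means the translation exists but no bound entry of the parsed form allows traffic to it.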

1 comment:

  1. Thanks man, finally a simple solution. This works fine. What if we want to access this outside port from inside addresses too? For example from IP address using serverdnsname that translates to outside ip and then to port forward it back to lan IP. That way we can use the same dns name for lan/wan usage. What access list should be modified?