Port forwarding on Cisco ASA

  snifflepuff 16:56 PM 16 Mar 11
Locked

Hi all, we have an ASA 5505 and I need to set up port forwarding for an unusual

port number which will be used for FTP on an IIS server.

It's a bit complex as there are 3 VLANs: these are called ISP, Server and LAN-

side VPN. We need to add a TCP port 8521 forward from the server's IP in Server

WAN to ISP WAN VLAN with public IP address.

As far as I'm aware, normally for simple port forwarding on a 5505 I can do the

following:

[code]

configure terminal
object network FTP_Server
host [IP address of the destination server]
nat (inside,outside) static interface service tcp 8521 8521
exit
access-list inbound permit tcp any object FTP_Server eq 8521
access-group inbound in interface outside
write memory

[/code]

However, will this work given that we want to forward the port from the IP

address of the server in the Server WAN VLAN, to a public IP address in the ISP

VLAN?

Also when I try to add a new host IP address for port forwarding on a Cisco ASA

5505:

[code]

conf t
object network FTPServer

[/code]

(Then I try doing this)

host 192.168.3.211

But it says the syntax is wrong? I don't understand as I should be able to add

the IP address for the new object?

Also I notice at the command prompt I have asa (config-network) as the prompt

text, whereas I should have asa (config-network-object) - anyone know why this

is happening?

Please let me know?

Advertisement

This thread is now locked and can not be replied to.

Sony Xperia Z5 review: Hands-on with the phone which the Z3+ should have been

1995-2015: How technology has changed the world in 20 years

How to choose a photographer

iPhone 6S preview: What to expect from Apple's next iPhone