Port forwarding on Cisco ASA

  snifflepuff 16:56 16 Mar 2011

Hi all, we have an ASA 5505 and I need to set up port forwarding for an unusual

port number which will be used for FTP on an IIS server.

It's a bit complex as there are 3 VLANs: these are called ISP, Server and LAN-

side VPN. We need to add a TCP port 8521 forward from the server's IP in Server

WAN to ISP WAN VLAN with public IP address.

As far as I'm aware, normally for simple port forwarding on a 5505 I can do the



configure terminal
object network FTP_Server
host [IP address of the destination server]
nat (inside,outside) static interface service tcp 8521 8521
access-list inbound permit tcp any object FTP_Server eq 8521
access-group inbound in interface outside
write memory


However, will this work given that we want to forward the port from the IP

address of the server in the Server WAN VLAN, to a public IP address in the ISP


Also when I try to add a new host IP address for port forwarding on a Cisco ASA



conf t
object network FTPServer


(Then I try doing this)


But it says the syntax is wrong? I don't understand as I should be able to add

the IP address for the new object?

Also I notice at the command prompt I have asa (config-network) as the prompt

text, whereas I should have asa (config-network-object) - anyone know why this

is happening?

Please let me know?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?