Port forwarding on Cisco ASA

  snifflepuff 16:56 16 Mar 2011
Locked

Hi all, we have an ASA 5505 and I need to set up port forwarding for an unusual

port number which will be used for FTP on an IIS server.

It's a bit complex as there are 3 VLANs: these are called ISP, Server and LAN-

side VPN. We need to add a TCP port 8521 forward from the server's IP in Server

WAN to ISP WAN VLAN with public IP address.

As far as I'm aware, normally for simple port forwarding on a 5505 I can do the

following:

[code]

configure terminal
object network FTP_Server
host [IP address of the destination server]
nat (inside,outside) static interface service tcp 8521 8521
exit
access-list inbound permit tcp any object FTP_Server eq 8521
access-group inbound in interface outside
write memory

[/code]

However, will this work given that we want to forward the port from the IP

address of the server in the Server WAN VLAN, to a public IP address in the ISP

VLAN?

Also when I try to add a new host IP address for port forwarding on a Cisco ASA

5505:

[code]

conf t
object network FTPServer

[/code]

(Then I try doing this)

host 192.168.3.211

But it says the syntax is wrong? I don't understand as I should be able to add

the IP address for the new object?

Also I notice at the command prompt I have asa (config-network) as the prompt

text, whereas I should have asa (config-network-object) - anyone know why this

is happening?

Please let me know?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?