Reverse Port Redirection with ASA5505

Hello Community.
We have a singe IP Address in the Internet and want to forward SMTP traffic that hits our ASA Outside Interace to the internal Mailserver.
And we like to forward Http Traffic to our Webserver.
Example.
212.23.23.23 Port 25 -> 192.168.1.100 Port 25
212.23.23.23 Port 80 -> 192 168.1.200 Port 80
How do i acomplish that. Which NAT rules do in need?
Thanks Patrick

Hi,
Glad to help
We do need a NAT configuration usually for both VPN Client and Site to Site VPN to function correctly. I guess the only exception is when a single ASA is ONLY used for VPN. Then you can actually have the ASA without ANY NAT configurations at all. But this doesnt apply to your situation.
You basically already listed the type of NAT configurations you need already.
Lets say we have a site with ASA firewall and that ASA has one Site to Site VPN and one VPN client connection configured.
The local site is 10.10.10.0/24
The remote site is 10.10.20.0/24
The VPN Pool is 10.10.100.0/24
With the above information if we wanted to make it so that both the local site and remote site and the local site and vpn pool could communicate using their original IP address, then we would configure the NAT in the following way
object network LAN
subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
subnet 10.10.20.0 255.255.255.0
object network VPN-POOL
subnet 10.10.100.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static REMOTE-LAN REMOTE-LAN
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
The same logic would apply if you were to configure more Site to Site VPNs or VPN Client connections on the local firewall.
Hope this helps
Rememember to mark correct replys as the correct answer or rate helpfull answers
Ask more if needed.
- Jouni

Similar Messages

  • Pix 501 Port Redirection with outside Dyn IP for DVR

    Hi,
    I have a pix 501 6.3 version soft. I need to access my cameras from the net. the camera address is 192.168.1.60:1042
    my ISP outside  is dynamic.
    The following is my config, please let me know what is wrong with it.
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password bJT00RrZ7Q9S5J1B
    encrypted
    passwd bJT00RrZ7Q9S5J1B encrypted
    hostname Haiyai
    domain-name ciscopix.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list outside permit tcp any
    interface outside eq 1042
    access-list outside deny ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside dhcp setroute
    ip address inside 192.168.1.1
    255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface
    1042 192.168.1.60 1042 netmask 255.255.255.255 0 0
    access-group outside in interface
    outside
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed
    0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip
    0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00
    sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts
    3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.33
    inside
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80
    Cryptochecksum:57847b305111572396f1ae0410e54f7e
    : end         
    Thanks
    Morgan

    Morgan,
    Your config is perfectly fin. You have your PAT static and opened the ACL for that port
    access-list outside permit tcp any interface outside eq 1042access-lis outside deny ip any anystatic (inside,outside) tcp interface 1042 192.168.1.60 1042 netmask 255.255.255.255 0 0access-group outside in interface outside
    The issue is somewhere else. When you try to connect check the conn through the PIX "sh conn | i 192.168.1.60", and you should see the conn.Check if the camera needs more ports to open and what the PIX logs show.
    I hope it helps.
    PK

  • Virtual Hosts & Port Redirections

    Hi guys,
    In 10.6 i used to be able to setin the Server Admin GUI settings for the web service. This included Virtual Hosts & Port Redirections. How do i go about doing this on 10.7?
    For example, I need myserver.mycompany.com:80 to redirect to myserver.mycompany.com:8088 & mygreatsite.company.com:80 to redirect to mygreatsite.company.com:9006.
    Both of which are hosted on myserver.mycompany.com.
    Links apprecaited.. i'm guessing i'm in for an Apache lesson?

    I hope that article helps you, maybe you can figure it out and post back for the rest of us!
    I haven't actually read it yet, I just saved it to my Pinboard page for later, because I know eventually I will have to deal with vhosts in Lion.

  • Confused asa 5520 port redirect

    HI
    The network was simple like thie
               lan-------------(gi 1)--asa5520--(gi 0)--------------wan
    lan subnet is :  192.168.0.0/24
    wan: only one ip address   1.1.1.1
    The reqire was that:   allow all lan hosts  access to the internet  .
                                      there  is a www server  (192.168.1.10)  in lan. Need it to serve for internet.
    I config the asa like this:
         interface gi 0
              nameif outside
              ip add 1.1.1.1 255.255.255.252
         interface gi 1
              nameif inside
              ip add 192.168.1.1
         object network lan_hosts
              subnet 192.168.1.0 255.255.255.0
              nat (inside,outside) after-auto dynamic source interface
         object networkd www_host
              host 192.168.1.10
              nat (inside,outside) static interface service tcp http http
    after that, i access  the   http://1.1.1.1  from internet. BUT the port redirection wasn't work.
    what's wrong .
    can someone help me!
    tks.

    Hi,
    Although I can't see anything wrong with the actual NAT configurations I would suggest the following for them
    Default PAT for LAN
    object-group network DEFAULT-PAT-LAN-SOURCE
    network-object 192.168.1.0 255.255.255.0
    nat (any,outside) after-auto source dynamic DEFAULT-PAT-LAN-SOURCE interface
    Port Forward configurations you can leave them as is.
    Have you opened the traffic with ACL also?
    For example
    access-list OUTSIDE-IN Remark Allow HTTP for Server
    access-list OUTSIDE-IN permit tcp any object www_host eq www
    access-group OUTSIDE-IN in interface outside
    Please rate if you have found the information helpfull. Ask more questions if needed.
    - Jouni

  • Datasocket port redirection

    I need to communicate with a datasocket through a firewall where I can open only 1 port. This article: http://digital.ni.com/public.nsf/websearch/FCF8A1464BD2F6D686256B59007C9A6F?opendocument&Submitted&&node=133020_US explains that datasocket client use, a random port in interval: 1024-65536. Do you know if exists a windows tool for port redirection (or other tricks...)?
    Thank you,
    paolo.

    I haven't tried this, but the first thing that comes to mind is specifing the port after the datasocket address. Something like this...
    dstp://192.192.0.1/getdata:1024
    You use this same format for URLs when you need to use a specific port.
    Ed
    Ed Dickens - Certified LabVIEW Architect - DISTek Integration, Inc. - NI Certified Alliance Partner
    Using the Abort button to stop your VI is like using a tree to stop your car. It works, but there may be consequences.

  • Port redirection in Border Manger 3.7

    Hi
    I configured a windows 2000 based VPN server inside my lan .My lan is
    protected with border manger 3.7.I configured my perimeter router to
    forward all packets to the border manager.Now I have to redirect all VPN
    calls(PPTP tunnel,port 1723) to my internal vpn server.I tested the vpn
    connectivity by bypassing the border manager and it worked fine.How can I
    do the port redirection in Border Manger?
    Chris

    Caterina
    Do BM provide port redirection ,if so how can I do it?
    Chris
    > Chris
    >
    > I've bad news. Novell's NAT (nor packet forwarding nor port redirection)
    > doesn't support the GRE protocol that is needed for the PPTP VPN of
    > Windows. You can't do that.
    > In any case, port redirection in BM is configured through the generic
    > TCP and UDP proxies. BEcause the GRE protocol isn't either TCP or UDP,
    > you can't use them for what you need to do.
    >
    > --
    > Caterina
    > Novell Support Connection Volunteer Sysop

  • RV180W - problems on rules and port redirections

    Hello,
    I installed a RV180W router a month ago.
    Our production server has to retreive informations on a remote server so I set up the rules and port redirections accordingly on the firewall.
    I noticed that some times the rules didn't work anymore and I had to reboot the RV to fix it.
    The rules are still active on the router's admin panel as well as the services and the port redirection. The last firmware is installed.
    Does anyone experienced the same problem and found a fix?
    Thanks in advance,
    Best regards

    I hate to say it, but there are issues like this with the rv series.  Have you replace the router with another one?  That's the first thing I would try since you can probably exchange it easily right now.
    Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

  • Forced Port Redirect

    Using Oracle 9i on Linux with remote client connection, how does one force port redirection? Specifically we have the listener on port 1521 and want the server to respond to the client on a different port.
    Thanks,
    Chris

    Create another port on listner and
    change port on tnsname files of client machine.
    like
    listner
    LISTENER1 =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = pro400)(PORT = 1433))
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC6))
    SID_LIST_LISTENER1 =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = e:\ORA)
    (PROGRAM = extproc)
    (SID_DESC =
    (GLOBAL_DBNAME = new8i)
    (ORACLE_HOME = e:\Ora)
    (SID_NAME = new8i)
    tnsname of client
    NEW8I =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = pro400)(PORT = 1433))
    (CONNECT_DATA =
    (SERVICE_NAME = new8i)
    hope it will help you
    kuljeet pal singh

  • X1 and USB Port Replicator with digital video - hangs system

    Hi
    with the X1 to help with docking it everyday at the office I have a USB Port replicator with digital video. I am not using the digital video but the USB ports, head phone and mics plus ethernet.
    When I plug it in it detects it OK, I then installed the software. But after reboot it looks to stall when logging into windows, screen flickers back and forth and locks up the operating system. I unlplug it and reboot and window is working fine.
    Note as I mentioned I am not using the digital output but instead using an external monitor via the display port on the back of the laptop.
    Also its is very slow to boot (Lenovo bios splash screen is there for about a minute)
    I have gone into the bios and turned off all other bootable devices just leaving the laptops hard drive.
    As a work around I have removed the software and I am getting the basic functionality of the port replicator, but not the ethernet.
    I have run the update manager but does not appear to show a need to update the drivers.
    Model X1 (1293-CTO)
    Windows 7

    Hi, I have this same exact problem.
    Video (anything from youtube to downloaded shows, movies) will freeze for 5-7 seconds at a time. The sound continues to play while the video is 'frozen', and the video resumes after that.
    It will happen on its own, with no bumping, but it is more prone to happen if I do something like increase the volume within the media player.
    Any suggestions are much appreciated!

  • Reversing a document with MR8M diff value in GR/IR

    When reversing a document with MR8M, differrent amount is posted to GR/IR account and PPV account
    Actual Transaction
    Vendor 123 = 100
    GR/IR account = -80
    PPV account = -20
    After Reversal:
    Vendor 123 = -100
    GR/IR account = 78
    PPV account = 22
    Please let me know what could be the reason?
    Edited by: Rickyy on Apr 27, 2011 9:33 PM

    This sap note explains exactly my problem, but now how do I clear GR/IR account?
                         GRIR Account       PPV account
    CreditMemo     39,319.31        17,834.96
    MR8M             57,294.48     
    So I cannot clear GRIR account because of the amount difference :-S
    Thanks

  • Is 'Thunder port' compatible with 'mini port' cords/divices?

    I am attempting to use my Imac 27" as a display for my xbox 360. So as instructed by "Apple chat" I purchased a KANEX XD connector for $140 and now it is not woking because of the Thunder port. Then I seeked assistance once more from "Apple chat" to purchase the Thunderbolt cord and by replacing the mini port cord with the thunder port cord my divices "should" work. I need to know if tis will work before purchase. I have beed instructed to purchase 3 items just for this one issue and 2 out of 3 have not worked and now I am -$160.00. Will purchasing this new cord solve my problem?

        But before the transition from mini to thunder, the mini display port could be attached to a KANEX XD and then to an XBOX 360 using the previous 27" iMAC then as a monitor screen for game play...
        So I already found out the NEW 27" iMAC can only receive video/audio from another thunderbolt port using the thunderbolt cord to a thunderbolt port again. Does this mean I am going to have to return all the purchased items and wait for a connector to become available to connect 360 to Thunderbolt?

  • Can Minidisplay Port work with the new Thunderbolt Display?

    I have a 2009 MBP 15 inch with Mindisplayport.
    Can Minidisplay Port work with the new Thunderbolt Display?
    If not, is there any adaptor i can use to make it work.
    I also have the new MBA with thunderbolt socket.
    Cannot decide which display to get.
    Thanks.

    Here's a new article that basically covers and clears up all the new Thunderbolt display questions (same things I previously stated).
    Enjoy!!
    http://www.tuaw.com/2011/09/18/thunderbolt-display-daisy-chaining-spec-cleared-u p/

  • My firewire port works with ext hd but not with audio interface

    2010 Imac 21.5 running 10.8.5. My firewire port works with ext hd but not with audio interface. The local authorized Apple tech said that I need a new motherboard, but my firewire ext drive works perfectly. I don't understand. Thanks.

    You must go to the website of the audio interface manufacturer and look for, download and install updated drivers for the audio device you are using.
    This is not, neccessarily, an Apple issue.

  • Reversal of delivery with handling unit management/HU #

    Hello all,
    I would like to know whether the delivery with handling unit management is reversed using LTOG. if it is reversed using LTOG in which storage type would the stock be posted back and would the packaging material of the handling unit be the same when the delivery is canceled and posted back in stock. pl. advise.
    Thanks,
    Maxx

    Hi Ramana,
    Thanks for your reply.
    in your answer you have said  it is not possible to reverse a TO with HU.
    But is it possible to reverse a delivery where the HUs are created only after packing the delivery items. if it is possible then how the packaging materials in the handling unit that are reversed are handled and where are the stocks that are returned after the delivery is cancelled is posted - i would like to know the standard sap storage type in which the stocks are posted once the delivery is cancelled or reversed.
    Thanks,
    Maxx

  • SMS_STATE_MIGRATION_POINT Health check failed for port 80 with status code 500

    My SMS_STATE_MIGRATION_POINT gets a red cross because the health check of the SMS_STATE_MIGRATION_POINT is “sometimes” failing. I don’t understand why its fails sometimes? Any suggestions.
    gr, Iwan
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 2:51:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 2:51:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK SMS_STATE_MIGRATION_POINT 4/15/2010 2:56:29 PM 22044 (0x561C)
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 2:56:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 2:56:29 PM 22044 (0x561C)
    Checking store for cleanup of failed or stale state stores... SMS_STATE_MIGRATION_POINT 4/15/2010 3:01:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error SMS_STATE_MIGRATION_POINT 4/15/2010 3:01:29 PM 22044 (0x561C)
    Health check request failed, status code is 500, 'Internal Server Error'. SMS_STATE_MIGRATION_POINT 4/15/2010 3:01:29 PM 22044 (0x561C)
    STATMSG: ID=6207 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_STATE_MIGRATION_POINT" SYS=SWAMS0083 SITE=P01 PID=13560 TID=22044 GMTDATE=Thu Apr 15 13:01:29.777 2010 ISTR0="500" ISTR1="Internal Server Error" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_STATE_MIGRATION_POINT 4/15/2010 3:01:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:01:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK SMS_STATE_MIGRATION_POINT 4/15/2010 3:06:29 PM 22044 (0x561C)
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 3:06:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:06:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK SMS_STATE_MIGRATION_POINT 4/15/2010 3:11:29 PM 22044 (0x561C)
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 3:11:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:11:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK SMS_STATE_MIGRATION_POINT 4/15/2010 3:16:29 PM 22044 (0x561C)
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 3:16:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:16:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK SMS_STATE_MIGRATION_POINT 4/15/2010 3:21:29 PM 22044 (0x561C)
    Health check operation succeeded SMS_STATE_MIGRATION_POINT 4/15/2010 3:21:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:21:29 PM 22044 (0x561C)
    Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error SMS_STATE_MIGRATION_POINT 4/15/2010 3:26:29 PM 22044 (0x561C)
    Health check request failed, status code is 500, 'Internal Server Error'. SMS_STATE_MIGRATION_POINT 4/15/2010 3:26:29 PM 22044 (0x561C)
    Completed availability check on local machine SMS_STATE_MIGRATION_POINT 4/15/2010 3:26:29 PM 22044 (0x561C)

    I'va got the following event in my security event log this is strange because the Windows Firewall is off and the problem is not always there, 8 out 10 time the health  checks passes.
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          4/15/2010 7:01:27 PM
    Event ID:      5159
    Task Category: Filtering Platform Connection
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      ********
    Description:
    The Windows Filtering Platform has blocked a bind to a local port.
    Application Information:
     Process ID:  13560
     Application Name: \device\harddiskvolume2\programs (x86)\microsoft configuration manager\bin\i386\smsexec.exe
    Network Information:
     Source Address:  0.0.0.0
     Source Port:  9000
     Protocol:  17
    Filter Information:
     Filter Run-Time ID: 0
     Layer Name:  Resource Assignment
     Layer Run-Time ID: 36

Maybe you are looking for

  • Can i put ME-SYNC_USER in T01?

    Hi, i did an application with syncbo S01, and i put the ME-SYNC_USER in each syncbo... Now, i´m doing an application with some syncbo T01, can i put ME-SYNC_USER too and in getlist and gedetail filter with this user? Thanks,

  • Can't get counter 2/3 working in simple event counting mode for NI6601

    I have been successfully been able to get counter 0 and 1 working in a simple event counting mode. But when I read Software Save register for counter2/3 it gives me garbage values. I am doing register level programming in C. This is the algorithm tha

  • How to get multiple subtotals in a query

    I am trying to get 2 subtotals from the following data, 1 by dept, and 1 by account. A sample of data would be: DEPT ACCOUNT INVOICE AMT 1 A 123 10.00 1 A 456 12.00 1 B 789 11.00 1 B 012 10.00 2 C 234 16.00 2 C 656 10.00 2 D 711 5.00 2 D 800 7.00 I w

  • Web Item Analysis Moodule in BI7 - How to Activate

    Samples provided by SAP for Web Item Analysis Modification are 4) Negative Number module (com.sap.ip.bi.rig.NegativeNumber) Depicts negative numbers in a column or entire table in red. Hi SDN Community, I have recently been exposed to Web Interface i

  • Approval Date on GRN Printout

    Hi All We had set approval procedures for  GRPO's. The Layout for GRN was designed in crystal reports. Now Our Client need Approval Date to be printed instead of Posting Date. How Can i Achieve this through queries?