ASA Port Forwarding

ASA 8.2 OS and below

static (inside,outside) tcp 78.109.174.100 80 <your-internal-ip> 80
static (inside,outside) tcp 78.109.174.100 https <your-internal-ip> https
static (inside,outside) tcp 78.109.174.100 21 <your-internal-ip> 21

access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq https
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq ftp

access-group OUTSIDE_TO_INSIDE in interface outside

ASA 8.3 OS and above

! Define the mapped (public) address first so the nat statements below can reference it
object network PUBLIC_IP
host 78.109.174.100

! x.x.x.x is the internal server IP
object network SERVER1
host x.x.x.x
nat (dmz,outside) static PUBLIC_IP service tcp http http

object network SERVER2
host x.x.x.x
nat (dmz,outside) static PUBLIC_IP service tcp https https

object network SERVER3
host x.x.x.x
nat (dmz,outside) static PUBLIC_IP service tcp ftp ftp

access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER1 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER2 eq https
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER3 eq ftp

access-group OUTSIDE_TO_INSIDE in interface outside

Note: on 8.3 and above, the ACL references the internal IP address (the server object), not the external address as in older ASA OS versions.
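A check for the ACL change noted above, as an added example that is not part of the original post: it scans an 8.3+ configuration for access-list lines whose destination is still the public (mapped) address. The function names, the 10.0.0.x server addresses and the sample config are constructed for illustration, and the parser assumes only the simple object, nat and access-list forms shown on this page.

```python
import re

# Constructed sample: an 8.3+ config where one ACL line was left in pre-8.3
# style (destination = public/mapped address). 10.0.0.x hosts are made up.
SAMPLE = """\
object network PUBLIC_IP
 host 78.109.174.100
object network SERVER1
 host 10.0.0.10
 nat (dmz,outside) static PUBLIC_IP service tcp http http
object network SERVER2
 host 10.0.0.11
 nat (dmz,outside) static PUBLIC_IP service tcp https https
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER1 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq https
"""

def parse_objects(config):
    """Return ({object name: host IP}, {names/IPs used as NAT mapped address})."""
    hosts, mapped, current = {}, set(), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"object network (\S+)$", line):
            current = m.group(1)
        elif (m := re.match(r"host (\S+)$", line)) and current:
            hosts[current] = m.group(1)
        elif m := re.match(r"nat \(\S+,\S+\) static (\S+)", line):
            mapped.add(m.group(1))
    return hosts, mapped

def stale_acl_lines(config):
    """List permit lines whose destination resolves to a mapped (public) IP."""
    hosts, mapped = parse_objects(config)
    # A mapped address may be an object name or an inline IP; resolve both.
    mapped_ips = {hosts.get(name, name) for name in mapped}
    findings = []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list \S+ permit \S+ any (host|object) (\S+)", line)
        if not m:
            continue
        kind, dest = m.groups()
        dest_ip = hosts.get(dest) if kind == "object" else dest
        if dest_ip in mapped_ips:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for hit in stale_acl_lines(SAMPLE):
        print("ACL still targets mapped address:", hit)
```
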
