[c-nsp] Cisco ASA static tcp forwarding question

Andy Dills andy at xecu.net
Sun Dec 30 10:13:48 EST 2007


On Sat, 29 Dec 2007, Michael Smith wrote:

> Hello All:
> 
> Is it possible to have a scenario where traffic coming in to a server  
> on either port 443 or port 80 is sent to the inside host only on port  
> 443?  Something like:
> 
> static (inside,outside) tcp x.x.x.x https 192.168.1.1 https
> static (inside,outside) tcp x.x.x.x http 192.168.1.1 https
> 
> The above commands don't work because a previous entry is seen when  
> trying to add the second so I'm curious if anyone has gotten this  
> working and how?  This configuration is on a 5510 running 8.0(3).

You have to have one-to-one correspondence; the IP/port outside/inside 
addresses cannot have multiple static bindings. Otherwise, the ASA won't 
know which rule to use on the reply packets.

Bind an additional IP to the server at 192.168.1.1, say 192.168.1.2, and 
then:

static (inside,outside) tcp x.x.x.x https 192.168.1.1 https
static (inside,outside) tcp x.x.x.x http 192.168.1.2 https

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
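
An added example, not part of the original post: a short Python check that applies the one-to-one rule as stated in the reply to pre-8.3 static PAT lines and reports any real (inside) or mapped (outside) IP/port that is bound twice. The function name, the port-alias table and the sample variables (holding the two configs from the thread) are assumptions made for illustration.

```python
import re

# Pre-8.3 static PAT syntax as used in the thread:
#   static (real_ifc,mapped_ifc) tcp|udp mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(
    r"^\s*static\s+\((?P<real_ifc>[^,\s]+),(?P<mapped_ifc>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
)

# Assumed alias table so "http", "www" and "80" compare as the same port.
PORT_ALIASES = {"http": "80", "www": "80", "https": "443"}

# The two configs from the thread (x.x.x.x is the poster's own placeholder).
ORIGINAL_CONFIG = """\
static (inside,outside) tcp x.x.x.x https 192.168.1.1 https
static (inside,outside) tcp x.x.x.x http 192.168.1.1 https
"""
SUGGESTED_CONFIG = """\
static (inside,outside) tcp x.x.x.x https 192.168.1.1 https
static (inside,outside) tcp x.x.x.x http 192.168.1.2 https
"""


def find_static_conflicts(config_text):
    """Return (line_no, side, first_line_no) for every static PAT line that
    reuses a real or mapped interface/protocol/IP/port already bound."""
    seen = {}        # (side, ifc, proto, ip, port) -> line number of first use
    conflicts = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = STATIC_RE.match(line)
        if not m:
            continue  # not a static PAT statement
        sides = {
            "real": (m["real_ifc"], m["real_ip"], m["real_port"]),
            "mapped": (m["mapped_ifc"], m["mapped_ip"], m["mapped_port"]),
        }
        for side, (ifc, ip, port) in sides.items():
            port = PORT_ALIASES.get(port.lower(), port)
            key = (side, ifc, m["proto"], ip, port)
            if key in seen:
                conflicts.append((line_no, side, seen[key]))
            else:
                seen[key] = line_no
    return conflicts


if __name__ == "__main__":
    print("original :", find_static_conflicts(ORIGINAL_CONFIG))
    print("suggested:", find_static_conflicts(SUGGESTED_CONFIG))
```
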

