Thank you so much! I have spent months trying different configurations and looking at countless tutorials but none of them worked. I can finally access my service from the outside. Thank you again!
THANK YOU! I have been watching countless Cisco videos on how to get port forwarding working, and none of them worked. This worked first try!
You just ended a 72 hour headache!!!! Thanks a million!
My pleasure :), you can subscribe to the channel for the newest videos.
Thank you a million. I've been struggling for 3 days just to get the port forwarding to work.
You are a genius!! You saved me from a serious headache. Why the hell can't Cisco create simple instructions like!!! Jesus!! Thanks a bunch my friend!!....Your pal from NYC
That's my pleasure.
You can subscribe to get the new videos.
Seldom Tutorials
Will do....are you available for consulting? Could use your expertise
Yup
Thanks dude, I've fought these ASAs off and on for years, your tip for the different NAT vs Access ports cleared things up a bit.
Awesome video - I like your simple to follow explanation and was able to solve an issue that took me a full day to figure out
Cheers man just had to open a port and this worked out well.
The best guide that I've found so far to do this!!! Thanks!
This was a GREAT job explaining this ! Thank you. I was able to use your example to solve my RDP issue. THANK YOU !!!
THANK YOU!!!! 5 hrs of trying to find the solution!!!
Great instructions. One small change that I had to make: On the NAT rule I had to change the Original Packet Service entry from "Any" to the specific service being NAT'd; when it was set at ANY the host wasn't able to load web pages, etc.
This helped a lot configuring an ASA 5500 Series Firewall! Thank You!!!
Thanks Sir. It was really helpful ..... Hope you will continue with more video
Thanks, usage of inside and outside interfaces is counter intuitive for me in this case (I tried the other and wrong direction), different tcp services in FW and NAT rules helped too.
Thank you, this was perfect. I was struggling with this newer version, and now I'm good.
Best video on this subject
Thanks, man. Very helpful and very didactic. Congrats!
Good overall tutorial. I would make a note to the users that are running version 8.2 and before the following... IP addresses used in the ACLs are different (pre-8.3 versions used the global/translated IPs, whereas 8.3 always uses the real IPs (untranslated)).
You definitely earned my like for this video. Thank you.
Great video. Really appreciated. I am a new beginner. I could understand.
Very helpful! Thank you, kind sir!!
My pleasure.
Kindly subscribe to the channel for the next new videos.
You are welcome.
Thanks a lot Boss, This was really helpful
Thanks a lot bro, very useful lesson.
Great Video. Well done, Thank you.
Thank you very much. It helped me a lot!
Strange, I followed your tutorial to make a port forwarding for HTTPS from my external interface to my Exchange server but it doesn't work.
What I completely don't understand:
Why does the NAT rule have the internal network as a source when the packet is coming from the internet?
I thought my Source-Interface should be the WAN interface since the packet from the internet will hit this interface first and then the packet needs to be forwarded to the internal interface via static NAT.
Thank you very much for your help! I spent two days reading cisco official documentation and cannot make a solution
really helpful! cheerup!
thank you...this worked great!
Very helpful, but for some reason it doesn't work for me. I am trying to forward the SSH port to one of my servers inside; maybe it is because the ASA is using that SSH port?
Good video, but I wanted to know: could this be the same on an ASA 5520 using ASDM version 7?
Well done to Cisco for making something straight forward completely convoluted. Ridiculous.
Could not agree more. Jesus Christ in heaven, how can something so simple be made to be SO DIFFICULT?!?! So frustrating!!
Hi bro,
Please help me, I have a little problem. I did like you but when I try to connect from outside I come across the following problem:
=============
An attempt was made to connect to an inside address is denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the ASA, and it was dropped. The tcp_flags in this packet are FIN and ACK.
=============
Where can I find the link for downloading or installing Cisco ASDM? Can you help me?
Hi Ahmed, is it possible to connect via RDP using different external ports? I am trying to use the same public IP but would like to use different external ports connecting to different servers on the inside using 3389. I can do this on a Linksys. How do you do this on a 5510 Ver 9?
Thank you for this Vid!!!!!!!
Hi,
If I do:
nat (INSIDE,OUTSIDE) source static 192.168.137.74 interface
I get that:
WARNING: All traffic destined to the IP address of the OUTSIDE interface is being redirected.
WARNING: Users may not be able to access any service enabled on the OUTSIDE interface.
and it cuts off my ASDM connection on the outside interface.
What is this message and what is happening?
I think I failed in the part of NAT, the part of service origin and destination. Thank you for this tutorial!
I tried this for L2TP UDP Ports 500,4500,555,1701 but it's not going through :-(
Nice video... Can you upload more?
I am learning the ASDM configuration complete videos.
Kindly describe briefly the concept of rules configuration, such as source, destination and flow of access.
Hi, could you help me pointing my LAN IP address going to my public IP as a webserver please.
I reckon this is a working solution, but:
a) it is very unsafe - you are directly exposing the RDP port to attacks - I prefer to mask it, using port translation - i.e. 3389 to some other port;
b) because of the default port used, you cannot reach another PC on your network via the same port - it is already taken. What if you need to RDP into two PCs?
c) There is no need to add NAT manually - there is an option in 9.x to add NAT, when creating network object, at once with the proper port translation (tcp/3389 into something else on outside).
HOW DID YOU MOVE THE RULE FROM BOTTOM TO UP?????
Cut and paste: click the right mouse button and you will see it.
Good video
Can someone help me ... like this I was able to open a server running HTTP at port 80 - without problem - so my public IP: XXX.XXX.XXX.XXX:80/mywebpage - is translated to 192.168.100.1:80/mywebpage - so far so good.
But I would like to publish XXX.XXX.XXX.XXX:9050/mywebpage (as example) - change the external port - and keep it translating to - 192.168.100.1:80/mywebpage - as soon as I try in NAT to change the external incoming port - it breaks the connection - and the logs say - translating to 192.168.100.1:9050/mywebpage
How can I do this properly? Port forwarding is quite simple in any other firewall :( even in home or pfSense - but not in ASA. What is the trick?
Thank you sir
Doesn't seem to work for us, when I finish doing all the steps, the internet stops working for some reason...?
My guess is the NAT rule for the Internet gets interrupted. Maybe you can share your NAT configs and we check.
Yes, you cannot have any NAT rule above the default NAT rule - if you do, your internet connection will be broken!
Very good, ... great!
Thank you
Thanks!
Thanks
In this shown configuration he won't have Internet access as there is no PAT rule... Not correct.
This is not the correct way to do a classic port forwarding. This is going to mess up all the traffic going in and out to that PC, starting with browsing the Internet. The correct and easiest way to do it is via network object static NAT. See here www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html
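Added example, not part of the video or of any comment above: the network object static NAT with port translation that several comments describe, written as ASA 8.3+ CLI with an ACL that matches the real address and port. The object names, the lowercase interface names, hosts 192.168.100.11/.12, external ports 33891/33892 and the source range 203.0.113.0/24 are constructed; 192.168.100.1 and port 9050 are taken from the question above, and <OUTSIDE-IP> is a placeholder for the outside interface address.

```cisco
! Added example: constructed names and addresses, ASA 8.3 or later assumed.
! Object NAT: "service tcp <real-port> <mapped-port>" translates one port only.
! Unlike "source static <host> interface" with no service, it does not redirect
! every port of the outside interface address, and the host's other traffic
! still uses the existing dynamic PAT rule.

! Web server from the question: outside tcp/9050 -> 192.168.100.1 tcp/80
object network WEB-SRV
 host 192.168.100.1
 nat (inside,outside) static interface service tcp 80 9050

! Two RDP hosts behind one public IP, each on its own external port
object network RDP-PC1
 host 192.168.100.11
 nat (inside,outside) static interface service tcp 3389 33891
object network RDP-PC2
 host 192.168.100.12
 nat (inside,outside) static interface service tcp 3389 33892

! 8.3+: the ACL references the REAL (untranslated) IP and the REAL port,
! not the outside address or the mapped port.
access-list OUTSIDE_IN extended permit tcp any object WEB-SRV eq 80
! RDP is limited to a known source range (constructed) instead of "any";
! changing the external port alone does not restrict who can connect.
access-list OUTSIDE_IN extended permit tcp 203.0.113.0 255.255.255.0 object RDP-PC1 eq 3389
access-list OUTSIDE_IN extended permit tcp 203.0.113.0 255.255.255.0 object RDP-PC2 eq 3389
access-group OUTSIDE_IN in interface outside

! Checks: simulate an inbound connection and inspect the translations.
! The UN-NAT phase should show the mapped port rewritten to the real port.
packet-tracer input outside tcp 203.0.113.10 50000 <OUTSIDE-IP> 33891
show nat detail
show xlate
```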
brake