Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Port Forwarding
Step 3 port-forward {list_name local_port remote_server remote_port description}
Example:
hostname(config)# webvpn
hostname(config-webvpn)# port-forward SalesGroupPorts 20143 IMAP4Sserver 143 Get Mail
hostname(config-webvpn)# port-forward SalesGroupPorts 20025 SMTPSserver 25 Send Mail
hostname(config-webvpn)# port-forward SalesGroupPorts 20022 DDTSserver 22 DDTS over SSH
hostname(config-webvpn)# port-forward SalesGroupPorts 20023 Telnetserver 23 Telnet
Adds a port forwarding entry to a list.
list_name—Name for a set of applications (technically, a set of forwarded TCP ports) for users of clientless SSL VPN sessions to access. The ASA creates a list using the name you enter if it does not recognize it. Otherwise, it adds the port forwarding entry to the list. Maximum 64 characters.
local_port—Port that listens for TCP traffic for an application running on the user’s computer. You can use a local port number only once for each port forwarding list. Enter a port number in the range 1-65535 or port name. To avoid conflicts with existing services, use a port number greater than 1024.
remote_server—DNS name or IP address of the remote server for an application. The IP address can be in IPv4 or IPv6 format. We recommend a DNS name so that you do not have to configure the client applications for a specific IP address.
Note: The DNS name must match the one assigned to the tunnel group to establish the tunnel and resolve to an IP address, per the instructions in the previous section. The default setting for both the domain-name group and dns-group commands described in that section is DefaultDNS.
remote_port—Port to connect to for this application on the remote server. This is the actual port the application uses. Enter a port number in the range 1-65535 or port name.
description—Application name or short description that displays on the end user Port Forwarding Java applet screen. Maximum 64 characters.
The example shows how to create a port forwarding list called SalesGroupPorts that provides access to these applications.
Step 4 (Optional) no port-forward list_name local_port
Removes an entry from the list, specifying both the list and the local port.
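The limits stated for port-forward entries (each local port used once per list, ports in 1-65535, local ports above 1024, 64-character names and descriptions) can be checked before a configuration is applied. The Python script below is an added example, not part of the Cisco guide; the function name, the tolerated prompt prefix and the last three sample entries are constructed for illustration.

```python
import re

# Syntax from the page:
#   port-forward list_name local_port remote_server remote_port description
# An optional CLI prompt such as "hostname(config-webvpn)#" is tolerated (assumption).
ENTRY = re.compile(
    r"^\s*(?:\S+#\s+)?port-forward\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def audit_port_forward(config_text):
    """Return (line_no, severity, message) tuples for port-forward entries."""
    findings, seen = [], {}   # seen maps (list_name, local_port) -> first line
    for no, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue          # other commands, including "no port-forward ..."
        name, lport, _server, rport, desc = m.groups()
        if len(name) > 64:
            findings.append((no, "error", "list_name longer than 64 characters"))
        if len((desc or "").strip()) > 64:
            findings.append((no, "error", "description longer than 64 characters"))
        for label, port in (("local_port", lport), ("remote_port", rport)):
            # Port names are allowed by the CLI and are not resolved here.
            if port.isdigit() and not 1 <= int(port) <= 65535:
                findings.append((no, "error", f"{label} {port} outside 1-65535"))
        if lport.isdigit() and 1 <= int(lport) <= 1024:
            findings.append((no, "warn", f"local_port {lport} is not above 1024"))
        if (name, lport) in seen:
            first = seen[(name, lport)]
            findings.append((no, "error",
                             f"local_port {lport} already used in {name} on line {first}"))
        else:
            seen[(name, lport)] = no
    return findings

# Constructed sample: the first two entries are the page's own, the last three
# are altered to trip the duplicate, low-port and range checks.
SAMPLE = """\
webvpn
 port-forward SalesGroupPorts 20143 IMAP4Sserver 143 Get Mail
 port-forward SalesGroupPorts 20025 SMTPSserver 25 Send Mail
 port-forward SalesGroupPorts 20143 DDTSserver 22 DDTS over SSH
 port-forward SalesGroupPorts 23 Telnetserver 23 Telnet
 port-forward SalesGroupPorts 20080 Intranetserver 70000 Intranet
"""

if __name__ == "__main__":
    for no, severity, message in audit_port_forward(SAMPLE):
        print(f"line {no}: {severity}: {message}")
```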