Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port

Aug 15, 2012

I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.

View 12 Replies


ADVERTISEMENT

Cisco Firewall :: Reverse Port Redirection With ASA 5505?

May 16, 2013

We have a singe IP Address in the Internet and want to forward SMTP traffic that hits our ASA Outside Interace to the internal Mailserver.And we like to forward Http Traffic to our Webserver.
 
Example.
 
212.23.23.23 Port 25 -> 192.168.1.100 Port 25
212.23.23.23 Port 80 -> 192 168.1.200 Port 80
 
How do i acomplish that. Which NAT rules do in need?

View 12 Replies View Related

Cisco Firewall :: ASA 5505 Port Redirection On Same Public Address?

May 26, 2012

We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. it is working very well of course. However I need setup my 2nd TS but will use port 7777 on the same public address which is not working.I am using ASDM 6.3 and firmware 8.3.1.Is this a limitation for this IOS?

View 6 Replies View Related

Cisco Firewall :: ASA 5505 - Setup Single Port Exclusion For Static NAT?

Sep 20, 2012

I have been using static NAT to map between a single server behind an ASA 5505 and a single public IP address. In other words, I've been doing this:
 
object network NAT_ME
nat (inside,outside) static interface
 
Now I would like to start using the clientless VPN feature of the ASA, so I of course don't want that particular port forwarded to the server. Is there a way to define such an exclusion? I've tried several things, including setting up a separate NAT rule to direct that port back to the ASA's interface, without luck.
 
If that is not possible, what configuration would I need to move to in order to get the behavior that I want? It is important that all (non-VPN) traffic is passed exactly as it arrives at the firewall (whether it is coming from internal or external), with the exception of changing the IP address (i.e., I need static port mappings for some of my services).

View 5 Replies View Related

Cisco Firewall :: PIX 515E Port Redirection?

Nov 30, 2011

I'm trying to use port redirection to allow outside access to a internal web server. As far as I can see, everything is configured properly. The Open Port Checker tool from yougotsingle.com says that the port (80) is open. However when I goto access it the connection times out.     The external address is static from my ISP, and I will call it xxx.xxx.xxx.xxx. The server is at 10.1.1.20, and is functioning properly over the LAN.

View 7 Replies View Related

Cisco Firewall :: ASA 5500 - Port Forwarding And Redirection

Apr 3, 2012

I'm new at the ASA5500 domain. I have a question: How can I redirect traffic coming on a port to a machine inside the LAN listening to another port ? I would like to use ASDM.

View 1 Replies View Related

Cisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)

Dec 2, 2011

So here is my network.
 
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
 
and here is my dilemma.
 
I can SSH from the internet to my ASA on default port 22, directly to my public IP.  I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960.  From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841.  I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
 
The bottom line is that i want to be able to SSH to all three devices from the internet.  I only have one public IP.  As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001.  It appears that changing the default SSH port on Cat 2960 is not an option.  It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
 
show asp table socket
TCP       001f549f  <<pub IP>>:22              0.0.0.0:*               LISTEN
 
how do i make it listen on different port?
 
Here is relevent config for SSH for cisco 1841 (port forwarding)
 
ON ASA
object network ROUTER
host 10.10.1.1

[Code].....

View 28 Replies View Related

Cisco Firewall :: ASA 5505 / Port 5901 - Alternate Port?

Aug 18, 2011

With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to Firewalls We have a User who has requested that 5901 be opened but I was advised not to do so for security concerns.

View 5 Replies View Related

Cisco Firewall :: PIX 501 With 1 Static IP / NAT / PAT With Access List

Aug 24, 2011

I am having a problem getting this to work and I have always done it with 2 Static ip address.  but now this company changed to 1 and I am doing something wrong.

I have comcast with 1 static IP, I have a local LAN with 6 host and 1 server that does Mail and remote access and web traffic.

I need a config that allows me to use 1 static ip on the outside interface of the PIX and allow with an ACL 7 ports open to the server and allow all the local host out to the internet.

View 11 Replies View Related

Cisco Firewall :: ASA 5505 Switch From Mode / Access Port To Trunk On The Fly Via CSM

Jan 20, 2013

Can I configure the Port at the ASA 5050 from Mode: access Port to trunk during the FW is running in a production area without console access ?As I know at the 5505 ist should work?

View 3 Replies View Related

Access-list Port 0?

Jul 25, 2011

I was reviewing some old configs at work today and noticed somthing weird in the access-lists. What is this?

View 6 Replies View Related

Cisco VPN :: Port-security Or Mac Access-list On 861 Or 881?

Nov 4, 2008

how to perform port security or mac access-list on LAN ports of router 861 or 881.There are commands access-list 700-799 , but I don't know how to apply that access list on configured vlan or particular port.

View 1 Replies View Related

Cisco WAN :: 1720 Router - Commands To Set Access List To Allow Access To Port 551

Nov 29, 2010

I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.

View 14 Replies View Related

Block 1433 Port With Access List For Specific Ip Address?

Jan 2, 2012

I want to block the sql port access of my server to all except few of my ip addresses while access list on Cisco Router IOS how do i do that.

View 3 Replies View Related

Cisco Switching/Routing :: 3550 / Access List - Block One Ip Or Port

Jan 9, 2012

I have a layer 3 switch, 3550.I have several vlans on there just for playing around with. One of the vlans, has a vonage linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning, this as I'm sure you can imagine is not much fun. The linksys box gets 192.168.3.3 as it's ip.The switch is connected to a non cisco router at 192.168.0.1
 
interface FastEthernet0/24
no switchport
ip address 192.168.0.2 255.255.255.0
 
I was thinking a time based access list would work best I have tried several variations but the phone still rings. I have tried access-list 1 deny host 192.168.3.3 permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem.I have applied the list to the vlan interface and to fa0/24 but it's not working.

View 3 Replies View Related

Cisco Application :: Tcp 3636 - How To Configure CSS Port Redirection

Oct 11, 2011

I have CSS in single arm deployment model. I want to configure port redirection for the servers.  Servers are actually running web service on port TCP 3636. Which is accessibale by VIP http://192.168.200.87:3636 but I dont want to give user this URL I want the user to use standard HTTP URL as mention below, I want user to open http://192.168.200.87 and once they access this URL automatically CSS redirect them to port 3636. How I can achive this. I am using IP addresses for the load balancing.

View 4 Replies View Related

Cisco Switching/Routing :: 861 - External IP Redirection (Port 80)

Mar 5, 2013

I have a little problem with a redirection. When I type my external ip, I am directly connected to my Cisco 861 ( through port 80 (HTTP))

Even if I do a factory default, I always have the same problem. I try to make another redirection on another internal ip , but always same problem...

View 7 Replies View Related

Home Network :: Traffic Redirection From Port 8080 To 80

Sep 5, 2012

wondering if redirection or conversion port 8080 into port 80 is possible? if so how and what cisco equipment can do that?

View 11 Replies View Related

Cisco Firewall :: ASA 5505 Vlans Routing & Access-list?

Jan 4, 2012

ASA 5505 vlans routing & access-list?

View 4 Replies View Related

Cisco Firewall :: ASA 8.4.1 Static NAT With Port Translation

May 30, 2011

I'm trying to migrate from olda PIX to newest ASA 8.4.1. Everything seems to be good except the static NAT. [code]

The inside interface uses implicit rule. ( permit any less secure network )
 
Although te above config the ASA logs the following.
 
TCP access denied by ACL from 94.94.94.94/2003 to outside:86.101.228.221/80
 
The 86.101.228.221 our public Internet IP whic are used as outside IP also.

View 8 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco Firewall :: Multiple Static Port Translations On ASA5505

Aug 15, 2011

I am at a loss on configuring a new ASA5505 for multiple static port translations.I would have expected to simply add several service command to a network object to complete the task, however, the service command overrides the previous and replaces rather than adds to the translations. [code] However, if entered in that order the 8443 overwrites the 8080 static translation.What is the correct procedure to establish multiple translations? If someone could also provide the "old" style for pre 8.2 release, I'd like to compare because I thought I used to do this with an access-list somewhere.

View 4 Replies View Related

Cisco Firewall :: Unable To Reserve Port 443 For Static PAT In Asa 5510

Jul 15, 2011

This problem applies (in my case) to our ASA5510. The issue here is that the http service on the ASA is runnnig off of the standard port 80. Login to the firewall and run the following.no http server enable http server enable 8080,Now you should be able to add a NAT/PAT on port 443 to another server of your liking. Just remember when you attempt to use ASDM to manage the ASA in the future to specify the new port 8080.

View 1 Replies View Related

Cisco Firewall :: ASA 8.3(2) / PAT Interface Address With Static NAT Port Translation?

Aug 22, 2011

I have an 8.3(2) ASA with a single outside IP.  Dynamic PAT translates inside addresses to the outside interface address.  I would like to use static NAT with port translation to access an inside syslog server.  I got an error when I tried using the outside interface address.  Can I use both dynamic PAT and Port Translation with the same outside address?This is what I would like to use but I receive an error saying there is an overlap using the outside interface address.(192.168.1.0 is my inside network.  10.10.1.10 is the outside interface IP.)
 
object network inside-net
  subnet 192.168.1.0 255.255.255.0
  nat (inside, outside) dynamic interface
 object network SYSLOG_SERVER
  host 192.168.1.50
  nat (inside,outside) static 10.10.1.10 service tcp ssh ssh

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Static Hosts Cannot Access Outside

Feb 9, 2013

I have configured the ASA in a very similar manner to how the PIX was set up but I'm having trouble with some hosts on the inside accessing the Internet. Any inside hosts which use DHCP work fine. Any inside hosts with a static IP (and configured on the ASA with a "static" rule) cannot access the Internet. For example, in the config below the server daviker-dialler cannot access the Internet. I've spent a few days working on this now and have started from scratch several times but I'm not getting anywhere. Apologies for all the X's everywhere, didn't like to post anything sensitive on the Internet.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Blocking FTP Port

Nov 28, 2011

I am working on an ASA5505 and am trying to open the ftp port. I have a server (192.168.10.202) on the local LAN which is attempting to download antivirus updates from the net via ftp.  
 
Saved
:
ASA Version 8.3(2)
!
hostname SITE
enable password XXXXXX
passwd XXXXXX
names

[code]....

View 4 Replies View Related

Cisco Firewall :: Port Mapping On ASA 5505?

Jun 6, 2011

how do you enabled multiple port mapping on asa 5505? i want to use 1 static ip address for rdp connection for 15 users, and the port will start from 3390 to 3340. 

View 4 Replies View Related

Cisco Firewall :: Port Forwarding In 5505

Feb 25, 2013

have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.All this box really does is port forward external clients to 1 address on the internal lan for client software updates.So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.

View 16 Replies View Related

Cisco Firewall :: ASA 5505 Port Forwarding NAT

Dec 6, 2012

I have ASA5505 and am having issue with port forwarding NAT . [code]

View 11 Replies View Related

Cisco Firewall :: NAT / Opening A Port On ASA 5505?

Apr 5, 2012

my friend was against a wall trying to update her office's system, and it seems like every Cisco person in the region has gone on vacation.For some sort of new system her office is getting, she was told that she needed to enable NAT with external IP xxx.xxx.xxx.14 (The ASA's IP is xxx.xxx.xxx.11) and internal IP xxx.xxx.xxx.58 and that port 8222 needs to be open.  I know this is sort of vague, but it's what she was given, and I know the 8222 port is very specific in function,?
 
At any rate, the best I could come up with was to run:
 
static (inside,outside) xxx.xxx.xxx.58 xxx.xxx.xxx.14 netmask 255.255.255.255
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq www
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq https
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq 8222
access-list inbound extended permit udp any host xxx.xxx.xxx.11 eq 8222
access-group inbound in interface outside
 
But after I inserted this, she did what she was supposed to be able to do (went home and tried to run some sort of remote installation file) and it didn't work...

View 8 Replies View Related

Cisco Firewall :: ASA 5505 Port Blocking?

Jun 24, 2012

I have an ASA 5505 running 8.4.I am only letting ICMP traffic in from the outside.As a test, I opened a couple of ports I need on the ASA.I cannot access these ports and I do not get a denied error in the log.
 
I contacted the ISP and they are not blocking these ports.I ran an online port scanner to check ports 1-100 as a test.  They all came up as blocked on the port scanner.  The only deny error I got on the ASA was for port 80.Is this normal behavior?  If so, how do I get it to show all of the deny errors so I know the traffic is at least hitting the firewall?

View 2 Replies View Related

Cisco Firewall :: Port Forwarding On 5505?

Sep 1, 2012

I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox (moderate NAT).
 
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
 
[code]
# sh run
: Saved
:

[Code].....

View 3 Replies View Related

Cisco Firewall :: Port Forwarding With ASA 5505

Oct 1, 2012

I am trying to forward specific ports from the outside interface on my ASA5505 to my servers inside and can not get it to work! I have a VPN that currently works and the firewall rule in place I am just overlooking something simple I'm sure. Here is the config:
 
ASA Version 8.2(5)
!
hostname ASA
enable password <removed>
passwd <removed>
[Code]...

View 16 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved