I need to forward some ports for remote desktop and remote outlook which I host on an internal server. I have looked all over the web and got close, but no hints on how to do it in the asa 8.2. there is an 8.3 guide, but it is just different enough to not work. I am new to this device and cli.
View 3 RepliesI have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1). The outside interface is configured with a single static address. I have a few services port forwarded sucessfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside. It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP. I entered a range of ports for the real port and the mapped port using the syntax 60000-60999. ASDM accepted it, but the NAT rule list displays "Any" in the service column. When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
^
ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network? I'd like to use ASDM, but I can switch to the CLI if that works better.
We're trying to get a remote access setup for someone who needs to have access from offsite. To make things easy we set it up with a virtual machine running Windows 7 and RDP. Because the "other end" isn't our computer and we've had some difficulties with people using the Cisco VPN client successfully, we were just going to set up a machine as a RDP Gateway and forward the port through the firewall (WebVPN might be nice, but the plugins only do RDP through v5.x). I've tried this on 8.4-1 and after reinstalling the latest 8.2, and supposedly the NAT works and there is a firewall rule allowing access from the outside to the RD-GW server on HTTPS, but the ASA is still blocking those packets. I've looked at 4 howtos and followed them, trying from the console and from ADSM (and one trashed the whole setup, probably related to the reinstall of 8.2) - [code]
View 4 Replies View RelatedI am trying to forward both TCP and UDP ports 3074 but it looks like I can only have either TCP/3074 or UDP/3074 open one at a time. When I try to enter the UDP/3074 NAT statement, I get "ERROR: NAT unable to reserve ports". [code]
View 4 Replies View RelatedWe have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?
View 3 Replies View Relatedi've a cisco asa5505 on adam 6.4 and a dvr i would like to forward the ports 9000 and 85 in order to monitor the dvr from outside?
View 1 Replies View RelatedI have a cisco asa 5505 and i need a public ip address on the inside of my network without NAT. for example: I can create a static nat translation rule, but this is not what i need.
isp -> x.x.x.1 /29 (outside asa) (inside network) x.x.x.2 /29
Is this possible?
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 5 Replies View RelatedI just got a Cisco asa 5505 with the next OS and ASDM info ASA 5505 OS 8.4(3) ASDM 6.47 I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.
Problem 1 I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forware the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
Problem 2. I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
Facts: SMTP. Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't how that connection.PORT 6001 (outside)this port is configured to work with the IP in the outside internface and it was to send the incoming connection to a host inside to the real port 5900.Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Bellow is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
CONFIGURATION.
: Saved
:
ASA Version 8.4(3)
!
hostname saturn1
domain-name mydominio.com
enable password SOMEPASS encrypted
[code]....
I have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.
All this box really does is port forward external clients to 1 address on the internal lan for client software updates. Any example configs?
So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2
So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.
I am new to ASA's and have just configured my 5505 out the box with an outside (10.10.1.7) + inside (192.168.1.1) IP & NAT. The ASA has got a default route to another router (default geteway) thats connected to the internet. I have it connected this way so I can play and **** around with the ASA. My problem is when I try and ping a host on the ASA inside network (192.168.1.0/24) from the outside (10.10.1.0/24) I'm getting the following error: 5May 07 201316:38:36305013192.168.1.6Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.10.1.22 dst inside:192.168.1.6 (type 8, code 0) denied due to NAT reverse path failure The recommendation from the syslog details is:"When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the inspect command if the application embeds the IP address". Beliw is my config:
interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 10.10.1.7 255.255.255.0!boot system disk0:/asa842-k8.binftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNSname-server 10.10.1.1object network obj_anysubnet 0.0.0.0 0.0.0.0object network obj_net_Insidesubnet 192.168.1.0 255.255.255.0object network Outside_globalhost 10.10.1.6access-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit icmp any any source-quenchaccess-list outside_access_in extended permit icmp any any unreachableaccess-list outside_access_in extended permit icmp any any time-exceededaccess-list
[code]....
Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet). I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside) [code]
View 2 Replies View RelatedWe have a client that is running a PC on a internet over satellite. To avoid any unessecery traffic over the satellite link (data traffic is quite expensive), we've suggested to use a 5505, as we had one handy already.
So basically what we wanted was to block everything outgoing and everything ingoing, except for example port 22 (ssh).
But I'm struggling a bit, since this is my first cisco router to be configured.
My interfaces are as follows.
Outside - DHCP
Inside (port 1) - 192.168.1.1
I'm only running ipv4.
in ASDM I made a static NAT rule for port 22, being forwarded to 192.168.1.5 (the computer)
in Access rules I made under outside (incomming rules) source=any destination=outside service=ssh action=permit
But when I try to add further rules to block everything else, it takes the SSH on port 22 with it. How should I do this the easiest way?
the hardware setup is pretty straight forward.
sat-terminal(with IP 192.168.0.1 running DHCP) -> 5505 (outside IP=DHCP - inside IP=192.168.1.1) -> computer (IP=192.168.1.5)
I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address translatetion for my internal clients.
Now i wanna setup a FTP server, on a internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/nat device.
I need 50 ports for the passive mode to be running.
I will use port range 50000-50050. I can easy make a firewall rule (access-list) that permit that port range.
But how do I PAT(NAT) a port-range on the ASA device? I can only figure out how to NAT one port at the time.
I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR. This is all new for me. I see several posts for other software version to do this same thing but my version appears to be older?
View 1 Replies View RelatedI am trying to configure a new 5505 but I am having difficulties opening ports that allow traffic in from the outside. My setup is Comcast Business Modem (w/ single static IP) -> ASA (10.0.0.1) -> (dumb) Switch -> NAS (10.0.0.10). I am attemping to open port 5001 to the NAS. I am very new to IOS so I have mostly been working in ASDM. Not sure if I am overcomplicating this for myself or what but I am stuck.
My running config is -
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
[Code].....
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies View RelatedI'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly.
[code]....
When I do an NMAP scan against my ASA 5505 on it's internal interface's IP address, it appears to be listening on all TCP ports. If I do it from across a VPN tunnel, the ports show as open according to NMAP, if I do the scan from the local subnet they show up as unknown. I'm running 8.0.4 code on this ASA.
View 1 Replies View RelatedWe've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.
I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.
View 1 Replies View Related I am trying to open up 3 TCP ports in Cisco ASDM Launcher:
16000
16001
8098
And have a Cisco ASA 5505 Router. I need these ports open in order for a software that I have installed on the server to communicate with my local client computers for my business, The software is installed on Windows 2008 Server Standard Edition and was installed with MicrosoftSQL 2005. The software and Microsft SQL 2005 is pretty much installed and just requires this last step in order for the server to be connected to the local computers. In order to resolve this, I have gone to.
How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.
View 1 Replies View RelatedI am used to setting up access-lists on outside interfaces with ip addresses that are static. I have recently been given a site that is using a dyndns.org client for name to ip address resolution on an outside interface that is dhcp assigned. I created an access-list to open up ports 41794 and 41795 to an engineering application but everytime I try to connect from the outside I get a syn timeout. The application works when inside the lan. Basically I want to allow outside connections from anywhere on the outside to go to ports 41794 and 41795. I am running a Cisco ASA 5505 on version 7.2(4) Below is my conifg. what I may have misconfigured?
: Saved:ASA Version 7.2(4)!names!interface Vlan1 nameif inside security-level 100 ip address 172.31.2.1 255.255.255.0!interface Vlan2 nameif outside security-level 0 ip address dhcp setroute!interface Ethernet0/0 switchport access vlan 2!interface
[Code].....
I'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.
I've just bought a Cisco 887m-k9 and I am trying to forward the ports. I have a Polycom HDX H.323 device connected to it with a static IP of 10.10.10.5 (ethernet port 0).Previously I had a consumer grade Linksys router which worked fine (I simply entered ports into the GUI), but I couldn't hardcode LAN port speed so I bought this. I have the list of TCP and UDP ports which are forwarded using the following commands:
ip nat pool Polycom 10.10.10.5 10.10.10.5 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 10.10.10.5 80 88.xxx.xxx.49 80 extendable
ip nat inside source static tcp 10.10.10.5 443 88.xxx.xxx.49 443 extendable
ip nat inside source static tcp 10.10.10.5 1300 88.xxx.xxx.49 1300 extendable
[code]....
Where 88.xx.xx.49 is my static IP, while 77.xx.xx.170 is my default gateway.
I had a DI 604 router and I couldn't forward ports, someone told me to buy a new router because my modem (TM602G) doesn't have a built-in router and can't be blocking it so I bought a DIR 601 with wireless and I still have the problem.I don't have any firewalls.
View 19 Replies View RelatedIve been having trouble opening any ports on my windows 7 desktop. I connect wirelessly to my D-link Dir 655. I've tried port forwarding single ports to a static ip, but that didnt work either. I currently have the dmz server enabled and still no ports are open according to this port checker Open Port Check Tool - Test Port Forwarding on Your Router I have the windows firewall service disabled, upnp is enabled on my computer and router, i have spi firewall disabled, qos is disabled, and endpoint tcp/udp filtering on endpoint independent.
View 3 Replies View RelatedI'm trying to open ports 2934 and 2935 UDP on my Linksys E1000 router in order to play Falcon 4: Allied Force multiplayer but it's not working.I've correctly created a static IP, and logged in to the E1000's page. Under "Applications & Gaming", and then under "Port Range Forwarding" I entered values thus:
[code]....
I cannot successfully forward ports on this router, I've tried a few things but I can only assume the firmware is bad. I've already looked around for a solution but everyone says they solved it by just getting a different router (which at the moment isn't an option).
View 3 Replies View RelatedI can't get port forwarding to work, even when I turn off the Windows 7 firewall and AVG anti-virus software I'm running. I entered the IP address of my laptop (with a DHCP reservation) and UDP and TCP port numbers, with Schedule set to Always and Inbound Filter set to Allow All. That should be it, right? However, when I check the ports using PFPortChecker, both the UDP and TCP ports are blocked. I do have a Linksys wireless router daisy-chained to the D-Link router, but I'm not communicating on this computer through the Linksys router and the problem still occurs even when the other router is disconnected, so that doesn't appear to have anything to do with the problem. I just updated to the latest firmware (3.13NA).
View 11 Replies View RelatedI have a router 1802 with a several vlans with IP 192.168.x.0/24 for each vlan (x, it meaning 1, 2, 3, 4, etc.).Now I need that an IP address outside from my network (this IP it is always the same) to be access to on particular machine that is in a private network (192.168.3.0/24) through a several ports:
25 (TCP,UDP), 80 (TCP,UDP), 554 (TCP,UDP), 2000 (TCP,UDP), 10002 (TCP,UDP), 10000 (TCP,UDP), 3000 (TCP,UDP), 3041 (TCP,UDP)
How can I do it?
Outside PC ---------Internet ----MyRouter -----MyParticularPC
83.240.194.99 193.136.80.1 192.168.3.1
how to forward ports using routers
View 2 Replies View Related