Cisco Firewall :: Port Mapping On ASA 5505?
Jun 6, 2011how do you enabled multiple port mapping on asa 5505? i want to use 1 static ip address for rdp connection for 15 users, and the port will start from 3390 to 3340.
View 4 Replies
ADVERTISEMENT
Cisco Firewall :: 5505 Static Nat With Port Redirection 8.3 Access List Using Un-Nat Port
Aug 15, 2012I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.
View 12 Replies View RelatedCisco Firewall :: Change Default SSH Port On ASA 5505 (port Forwarding)
Dec 2, 2011So here is my network.
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960. From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841. I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
The bottom line is that i want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
how do i make it listen on different port?
Here is relevent config for SSH for cisco 1841 (port forwarding)
ON ASA
object network ROUTER
host 10.10.1.1
[Code].....
Cisco Firewall :: ASA 5505 / Port 5901 - Alternate Port?
Aug 18, 2011With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to Firewalls We have a User who has requested that 5901 be opened but I was advised not to do so for security concerns.
View 5 Replies View RelatedCisco AAA/Identity/Nac :: ASA 5505 Does Some LDAP Attribute Mapping To Get Group Membership For DAP
Dec 21, 2012I have a working ASA 5505 that is used for remote access. It authenticates users via RADIUS (Microsoft AD using two IAS servers), it also authorises users via LDAP and it does some LDAP attribute mapping to get group membership for DAP. This is all working fine however recently I enabled IPv6 to do some testing. I have a /126 subnet on the Inside interface (maps to its equivalent /30 IPv4 subnet) and OSPFv3 running so the ASA has visibility of the internal IPv6 networks. DNS client is enabled in the ASA and all the authentication servers are entered as hostnames. The two RADIUS servers only have A records and the two LDAP servers (Windows DC's) have both A and AAAA records. My plan was to begin test IPv6 on the AnyConnect VPN clients (once I was happy the ASA was working fine with IPv6).
When I initially enabled IPv6 everything continued to work as before, however I had to reboot the ASA today and after it all came back up authorisation stopped working. I did a bit of troubleshooting and the ASA is complaining of not being able to resolve the addresses of the two LDAP servers. From the CLI I can ping the hostnames and the LDAP servers resolve to IPv6 addresses and the RADIUS servers resolve to IPv4 addresses. When I issue the command 'show aaa-server LDAP' (LDAP is the name of the group) I see the servers listed but the address displays 0.0.0.0:
Prior to the reboot both the LDAP servers were showing thier addresses (IPv4) correctly. I can workaround it by disabling IPv6 on the ASA, letting it lookup the (IPv4) addresses of the LDAP servers (so they appear in the 'Server Address:' field above) and then re-enabling IPv6. Strangely deleting and re-adding the servers just with their IPv4 addresses also fails but I haven't fully tested this. I don't know but I think I would have the same behaviour if the RADIUS servers also had AAAA records.
I assume when IPv6 is enabled on the ASA it will perform AAAA lookups as well as A lookups but the LDAP client cannot use IPv6? Just guessing at the moment as I haven't managed to get a LAN capture. [code]
Cisco Switches :: SF200 Port Mapping Function
Mar 14, 2013i was able to configure (via SF200 web interface) a port mapping from port FE17 to FE7.i have supressed this port mapping.
when i try to reconfigure a port mapping from port FE17 to FE3. The SF200 web interface crash. the SF200 seems to reboot.
i have updated the SF200 firmware from V1.1.2.0 to V1.1.2.9.44.when i was able to configure (via SF200 web interface) a port mapping from port FE17 to FE7.But after having suppressed this port mapping again, i was not able to reconfigure a new port mapping from port FE1 to FE3 (the SF200 hangs).
Cisco Firewall :: 5505 ASA Trunk Port In Firewall
Apr 30, 2012I have an issue with my firewall,each time i configured a trunk port in the firewall and connect a sw 2960S with a trunk port also, all the interfaces in the Firewall go down ( virutal intertaces, inside, outside , dmz) , also another switch 3750 that is connected to another port in the firewall( access port only) it start to a new negotiation of spanning tree.What could be causing this problem? the firewall didnt sedn bdpdu i think the IOS of the firewall its a 8.2
View 3 Replies View RelatedCisco Switching/Routing :: Doubt About WS-X6148A-GE-TX Port-ASIC Mapping
Jan 4, 2012Can some clarify what is the Port-Asic mapping in WS-X6148A-GE-TX.
View 3 Replies View RelatedCisco Switching/Routing :: How Port-ASIC Mapping In Linecard WS-X6148-GE-TX
Dec 28, 2011how is port-ASIC mapping in linecard WS-X6148-GE-TX?
View 5 Replies View RelatedTP-Link ADSL2+ Wireless :: Where Is PVC Ethernet Port Mapping In TD W8961ND
Jan 18, 2013Region : Vietnam
Model : TD-W8961ND
Hardware Version : V3
Firmware Version : 3.0.0 build 120524 rel 05221
ISP : VNPT
Where is the PVC Ethernet Port Mapping in TD W8961ND?
Cisco Firewall :: ASA 5505 Blocking FTP Port
Nov 28, 2011I am working on an ASA5505 and am trying to open the ftp port. I have a server (192.168.10.202) on the local LAN which is attempting to download antivirus updates from the net via ftp.
Saved
:
ASA Version 8.3(2)
!
hostname SITE
enable password XXXXXX
passwd XXXXXX
names
[code]....
Cisco Firewall :: Port Forwarding In 5505
Feb 25, 2013have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.All this box really does is port forward external clients to 1 address on the internal lan for client software updates.So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.
View 16 Replies View RelatedCisco Firewall :: ASA 5505 Port Forwarding NAT
Dec 6, 2012I have ASA5505 and am having issue with port forwarding NAT . [code]
View 11 Replies View RelatedCisco Firewall :: NAT / Opening A Port On ASA 5505?
Apr 5, 2012my friend was against a wall trying to update her office's system, and it seems like every Cisco person in the region has gone on vacation.For some sort of new system her office is getting, she was told that she needed to enable NAT with external IP xxx.xxx.xxx.14 (The ASA's IP is xxx.xxx.xxx.11) and internal IP xxx.xxx.xxx.58 and that port 8222 needs to be open. I know this is sort of vague, but it's what she was given, and I know the 8222 port is very specific in function,?
At any rate, the best I could come up with was to run:
static (inside,outside) xxx.xxx.xxx.58 xxx.xxx.xxx.14 netmask 255.255.255.255
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq www
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq https
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq 8222
access-list inbound extended permit udp any host xxx.xxx.xxx.11 eq 8222
access-group inbound in interface outside
But after I inserted this, she did what she was supposed to be able to do (went home and tried to run some sort of remote installation file) and it didn't work...
Cisco Firewall :: ASA 5505 Port Blocking?
Jun 24, 2012I have an ASA 5505 running 8.4.I am only letting ICMP traffic in from the outside.As a test, I opened a couple of ports I need on the ASA.I cannot access these ports and I do not get a denied error in the log.
I contacted the ISP and they are not blocking these ports.I ran an online port scanner to check ports 1-100 as a test. They all came up as blocked on the port scanner. The only deny error I got on the ASA was for port 80.Is this normal behavior? If so, how do I get it to show all of the deny errors so I know the traffic is at least hitting the firewall?
Cisco Firewall :: Port Forwarding On 5505?
Sep 1, 2012I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox (moderate NAT).
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
[code]
# sh run
: Saved
:
[Code].....
Cisco Firewall :: Port Forwarding With ASA 5505
Oct 1, 2012I am trying to forward specific ports from the outside interface on my ASA5505 to my servers inside and can not get it to work! I have a VPN that currently works and the firewall rule in place I am just overlooking something simple I'm sure. Here is the config:
ASA Version 8.2(5)
!
hostname ASA
enable password <removed>
passwd <removed>
[Code]...
Cisco Firewall :: Setting Up Port Forwarding ASA 5505
Mar 15, 2012We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4) I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.
Cisco Firewall :: Isolate Internal Net On Port 4 Asa 5505?
Nov 20, 2011I want to have my port 4 on the asa 5505 only allow access to the internet and not the internal network, what do i need to do?
View 1 Replies View RelatedCisco Firewall :: Monitor Connections To DMZ Port On ASA 5505?
Mar 22, 2012How do I monitor connections to the DMZ port on our ASA 5505 (via ASDM 5.2)? We have a WAP connected to it and it's intermittently dropping connections.
View 2 Replies View RelatedCisco Firewall :: 3389 Port Allowed From Some IPs On ASA 5505?
May 6, 2012I would like to setup an cisco ASA 5505 to only allow certain IP's on port 3389, but i can't get it to work. Maybe some of you experts know why?
Here is my config:
ASA Version 8.4(3)!hostname cisco-asaenable password ** encryptedpasswd ** encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.253 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.* 255.255.255.248!ftp mode passiveobject network obj_anysubnet 0.0.0.0 0.0.0.0object network rdpuser-1host 46.*.*.*object network rdpuser-2host 48.*.*.*object network rdp-host-pchost 192.168.1.20object
[code].....
The allowed IP's are setup on user level (rdpuser-1 and rdpuser-2) .Still do, I can't connect to the server from any of these IP's...
Cisco Firewall :: How To Set Up NAT For Two Servers Using Same Port With ASDM ASA 5505
Apr 10, 2012We have a new installation of a ASA 5505 and are trying to get some NAT issues straightened out. On our internal network, we have two servers running Filemaker Server, a relational database server that clients connect with using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching Access rule in ASDM which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a different translated port number from the orginal port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily choosen unused port, can be used to access the second server: [code]
Cisco Firewall :: Open Port 52199 On ASA 5505?
Mar 11, 2011I am trying to open port 52199 on my ASA 5505 I have gone to firewall, access rules and then add tcpip.Not sure if that is the correct place but cannot get it to work?
View 1 Replies View RelatedCisco Firewall :: ASA 5505 Can't Configure Port Forwarding
May 20, 2012I have ASA 5505 with 8.4(2)8 software for one of my branch offices and I can't configure port forwarding.It seems to be very simple, but it's not working. I use my ASA as a gateway to the internet for users in office and for site-to-site IPSec VPN to HQ. I have pppoe-enabled outside interface, but ISP gives me static routable ip address. I have server behind my firewall and I should "publish" to the WAN some of its' tcp and udp ports, but I see that no packets forwarded through ASA. I tried to configure PAT as stated in official "Cisco Security Appliance Configuration Guide" through CLI and ASDM.[code]
View 4 Replies View RelatedCisco Firewall :: ASA 5505 Port Forwarding With Different IP Address
Dec 27, 2011I have Cisco ASA 5505 Firewall with security plus license, Currently I open ports on 25,80,443 on public IP address 1.1.1.1 and perform static nat between the inside and outside IP address Such as i configured via CLI
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 80
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 443
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 25
[Code]......
Cisco Firewall :: Email Port Open For ASA 5505?
Jan 16, 2012when I want to let email to come through the ASA5505 from outside to DMZ and Inside network, are the below command lines correct and good enough?
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3
[code]....
Are there any other TCP ports want to be allowed and other command lines need to be added?
Cisco Firewall :: Reverse Port Redirection With ASA 5505?
May 16, 2013We have a singe IP Address in the Internet and want to forward SMTP traffic that hits our ASA Outside Interace to the internal Mailserver.And we like to forward Http Traffic to our Webserver.
Example.
212.23.23.23 Port 25 -> 192.168.1.100 Port 25
212.23.23.23 Port 80 -> 192 168.1.200 Port 80
How do i acomplish that. Which NAT rules do in need?
Cisco Firewall :: ASA 5505 Set Up Port Forwarding For Inbound SSH?
May 12, 2011how to set up port forwarding for inbound SSH?
The outside interface on the ASA is on DHCP. I have a single dynamic public IP from my ISP. The inside interface provides Internet access for the network using NAT.
I have a server on the internal network with an IP of 192.168.0.6 and I would like to access this via SSH (TCP port 22) from outside.
I've been able to do this in the past on a PIX with a static public IP block, but I'm new to ASA and I don't know how to do it with PAT.
Current running config attached for what it's worth, but it's pretty basic at the moment.
Cisco Firewall :: 5505 - NAT Port Range For Sip Server
Feb 7, 2013: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
host name cisco asa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switch port access v lan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...
Cisco Firewall :: Mapping Servers Behind An ASA5505?
Nov 12, 2012I have the following configuration: An ASA5505 with Security bundle license sits at the perimeter with a single public IP address assigned to VLAN2 (outside) out of a /29 block. I have two servers with static IP addresses of 10.70.21.6 and 10.70.21.7 connected to the inside ports with default gateway of 10.70.21.1 (which is the IP address for the VLAN1 inside). I have already configured a default static route and NATing (PAT) so we have internet connection for the PCs. Now I need to configure the ASA to allow remote desktop connection to the servers (with static IP addresses above). Can I use a spare public IP address for each server and if so, whats the syntax? or is there another method? I have used this before but I had a Cisco 2811 router on the perimeter so the syntax was at then: ip nat inside source static 10.30.1.248 81.85.199.44
View 6 Replies View RelatedCisco Firewall :: Port Forwarding For Remote Desktop With ASA 5505?
Dec 16, 2012Doing a port forward for remote desktop with asa 5505 9.1.1 and asdm 7.1.1 I could have done this with the previous versions of asdm but now it even more confusing?
View 21 Replies View RelatedCisco Firewall :: ASA 5505 Port Redirection On Same Public Address?
May 26, 2012We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. it is working very well of course. However I need setup my 2nd TS but will use port 7777 on the same public address which is not working.I am using ASDM 6.3 and firmware 8.3.1.Is this a limitation for this IOS?
View 6 Replies View RelatedCisco Firewall :: ASA 5505 Blocks Outgoing Smtp (port 25)
Nov 25, 2012i cannot send emails to outside, i have an access rule on interface inside permit source: inside destination: any servic: tcp/smtp and when i make paket tracer it shows me that the packet is dropped but i cant see through which rule!!
ASA version: 8.4(3)
ASDM version 6.4(7)