Cisco VPN :: 3000 SSL Port Forwarding With ASA?
Jan 18, 2011
I'd need to protect access to a very critical web site on my LAN. To achieve this I have been thinking to use a Cisco ASA, because Cisco VPN3000 appliances are out of market now. But I do not know if I can achieve what I'd wish to do. I need (upon authentication) that a user connection to port 443 is forwarded to port 443 (or another TCP port) to my internal LAN where the critical web site is. So basically I need a feature like the WebVPN functionality of the Cisco VPN 3000 series where you can log on using the web interface and you are forwarded to a specific TCP port, or you just type the web site where you want to go after authentication. For maximum compatibility (because users can be anywhere in the world and IPSEC or PPTP can be filtered) I'd need to do this with SSL port forwarding. Is it possible to do this with the SSL VPN configuration options of the Cisco ASA? Is it possible then to authorize users using LDAP group matching and authenticate users using Kerberos 5?
Jun 15, 2011
I'm currently using a Cisco EPC 3000 cable modem and an Airlive wt-2400r router. AFAIK the Cisco isn't a router, but I'm still having some weird problems with forwarding and apparently even DMZ won't work.
Apr 7, 2013
I am trying to open up port 32400 on my 881w Cisco router but I have not had any success. I need to configure a manual port forward to enable my Plex Media server.
Apr 22, 2013
how to: port forwarding to 2 different destinations based on incoming WAN port
The default HTTP service works fine: TCP80/80-> 192.168.0.55
I have a couple of IP security cameras I'd like to be able to access remotely that also listen on port 80. I tried TCP & UDP 8009/8009-> 192.168.0.9 without any luck. Not sure how to handle the port redirects on the RV042G? Seems simple and was on the Symantec, could be user training :-)
I was able to do port redirect with the Symantec Firewall I'm replacing.
Dec 2, 2011
So here is my network.
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I cannot, however, SSH to my Cat 2960. From what I can tell, on the Cat2960 I can't change the default port 22 for SSH to a different port, just like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA; it does not look like this is an option.
The bottom line is that I want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA; if I could, I would, and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
How do I make it listen on a different port?
Here is the relevant config for SSH for the Cisco 1841 (port forwarding)
ON ASA
object network ROUTER
host 10.10.1.1
[Code].....
Oct 11, 2012
Is it possible to create a service which will forward public port 9010 to an internal IP address with port 23?
First of all, I do not like to open the public Telnet port to the inside so I would use another public port, and second, my ISP does not allow some public ports beneath port 80.
Jul 16, 2011
I have always used Netgear routers in the past. After a series of issues regarding configurations not working correctly I invested in what appeared to be a semi-pro router, the Cisco Linksys E4200.
I have a centralized server which I use to access a mass of different services such as mail, DNS, VPN, FTP, Kerberos, HTTP and many more. While I am not a massive networking ****, this server setup is like my garage project. To access these services externally to my LAN, as far as I understand, I would need to configure port forwarding for each service to my server. Unfortunately the control panel for the Linksys E4200 only offers about 15 custom port fields for forwarding, and some documentation I have read shows that with its basic install my server could be using up to 60 ports at once.
Is this router just not suitable for this sort of network? If so I will be very disappointed because I have spent a quarter of the price on Netgear routers with more control than this.
Apr 13, 2013
I've set up port forwarding from an external port (9000) to an internal port (80) on our SRP541W, and for some reason, it's not working externally. If I access the public address from within the internal network, it works properly.
Mar 7, 2013
Region : UnitedKingdom
Model : TD-W8970
Hardware Version : V1
Firmware Version : 0.6.0 0.11 v000c.0 Build 121203 Rel.46289n
ISP : Virgin Media
Is there any way of forwarding an external port to a different internal port on the TD-8970? I saw a question posed on an Australian forum implying that it might be provided in a later firmware release. Our TD-8970 has replaced a previous NetGear WAG 320N which had this facility, and is useful to provide access to multiple machines without having to modify each individually to use a different port.
Feb 16, 2011
I am having an issue opening a port (4040) on the 655 for my Fedora-based subsonic server. Inside the LAN, I can see the device from other peer machines, so I am confident the port is open and listening. However, I can't seem to get to the machine-port from outside/internet.
I have tried Virtual Server and Port Forwarding with single port. The server has a static IP which I've included in the DHCP range and outside the range. I have a DSL connection (AT&T), modem only. I have updated firmware. I have exhausted the Subsonic community's knowledge, everything points to the router, but all the settings seem correct. What am I missing? Is it possible there is a defect in the router? (don't laugh). Is there a way to trace a request to that port to see where it is hanging?
(yes, I've STFA, but don't know what else to do).
Jul 31, 2011
I want to create a Counter Strike Server and need to open some ports for that. The Problem: I cannot seem to open the ports for gaming. The Modem Setup: My Firewall is disabled. My guess is that this is the area with the problem. I guess my modem is not forwarding onwards. The Problem: I tried checking my ports with websites like URL etc. It cannot access my port.
Jul 24, 2011
I'm using an ASA 5510 and I try to understand how PAT is working. I want to add a Mail Server in the LAN and a webmail using port 3000 on the server (webmail must be reachable from the WAN). This is my configuration: actually LAN users access internet using NAT with one global IP (194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail
| (25) | (3000)
194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside. For example, from the WAN: [URL] must be redirected toward 192.168.1.6:3000. What is the correct configuration? And what about the inside/outside traffic, is there any configuration to add?
Aug 7, 2011
I have a DSL-524B from D-Link. My problem is, whenever I port forward port 80 to my comp's IP to host a web server, all the other computers connected to the router are unable to access the Internet. So, I set up no-ip to use port 8080, but this exposes my IP and even when masking, if you look at the HTML code, you get the IP. I need to know how to open up port 80 without restricting Internet access to only my comp, or any other workaround.
Apr 1, 2012
I finally got my Cisco Pix 501 working on my network and everything is working great! However, I do host game servers on occasion and I have a 24/7 FTP server up and as of now, I can't connect to it because the PIX is blocking the ports! I have zero experience with Cisco, so I need step-by-step instructions on what commands to enter to get this thing working!
Mar 12, 2011
I am very confused now. I got my 5505 for home (basic) and loaded up 8.4(1) fresh. From the inside interface I can reach the internet no problem but I am having issues trying to get my port forwarding to work with torrent. Inside host is 10.100.130.5, port is 26883. I have been trying to configure this forever.
Apr 1, 2012
I finally got my Cisco Pix 501 working on my network and everything is working great! However, I do host game servers on occasion and I have a 24/7 FTP server up and as of now, I can't connect to it because the PIX is blocking the ports!
Apr 6, 2011
We have the above router for a small business and I want to configure VPN to port forward to the server so it can handle the VPN traffic through Routing and Remote Access. I have configured port forwarding on SMTP, RWW and other protocols successfully but VPN will not work. Within the built-in web interface on the Cisco it advised that if I want to configure VPN I need to use Cisco Config Pro. I have had a look through this software but it looked to only support the router as the VPN gateway rather than port forwarding to a server.
Jul 10, 2007
I have recently purchased a Cisco 871 router. In the GUI from the installed software, I have been able to configure which ports are forwarded to a specified IP address within my local area network. This seems to output a configuration line like this:
ip nat inside source static tcp 192.168.1.123 1000 interface Dialer0 1000
However, I can only do this one port at a time. Is there a function or command that I can use to specify a range of ports? For example, I would like to forward tcp ports 1000-2300 to the IP address 192.168.1.123
Nov 10, 2012
I was at a friend's office today trying to get the IP cameras working but forwarding the ports seems not to work with his current modem from ATT (a Westwell F90 or something). Would the workaround for this be purchasing a third party modem instead that supports port forwarding and stop leasing the Westwell F90 from ATT?
Edit: the modem is hooked up to a DI-524 from D-Link and I already forwarded different ports to see if it was specifically port 80, 1024 etc.
Sep 2, 2012
I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox.
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
Feb 11, 2012
Command for port forwarding to a few applications (inside hosts) when you only have one Static IP (Public) which is used for many to one NAT (Overloading)?
This is the config for the many to one NAT.
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 interface Dialer1 overload
What command is necessary to forward ports to certain applications?
Oct 30, 2012
Trying to do port forwarding so that one particular host located on the WAN can get access to a LAN box on a specific port via the public IP.
Here's what I've setup on the ASA (IP addresses and port number have been changed to protect the innocent):
Mar 26, 2012
We have a Cisco 1600 Router, would like to know how to do port forwarding to allow our security camera to be able to view online
Sep 11, 2012
I have a setup with two Cisco 877s – 1 for the hub and 1 for the spoke. The hub has a static WAN IP and the spoke has a dynamic WAN IP. The two sites are tunneled with DMVPN and cert auth for connections via Cisco VPN Client (terminating on hub router). All routes between the two sites work fine – I can see through both ends via LAN IPs and tunnel IPs. I can connect externally through Cisco VPN Client and RDP into PCs on the spoke end via local IPs.
My issue is: I want a port forward on the hub router, pointing to the IP (172.16.1.X) of a device on the spoke end. So using the WAN IP of the hub router, I can reach a host on the spoke side. At this point I cannot get this to work and feel it's related to a NATing issue. Here is my current config for both sites:
HUB Router:
!
crypto pki server vpn-ca
 database level names
 issuer-name CN=*** CA,OU=*** Services,O=***
 lifetime crl 336
 lifetime certificate 7305
 lifetime ca-certificate 7305
 lifetime enrollment-request 1000
 database url nvram
!
crypto pki trustpoint vpn-server
 enrollment url http://172.16.0.1:80
 usage ike
 serial-number none
 fqdn none
 ip-address ***WAN IP***
 revocation-check crl
 rsakeypair vpn-server 2048
 auto-enroll 70 regenerate
!
crypto pki trustpoint vpn-ca
 revocation-check crl
 rsakeypair vpn-ca
!
[code]....
Dec 18, 2011
I have a customer who needs to be able to do port forwarding so his branch sites can log into virtual machines. They currently have a Cisco 877 router which was installed by someone else. I have no idea how to work it or if this is even possible on this router.
View 2 Replies
View Related
Aug 9, 2012
I have a Cisco 5520 with 8.4.4(1) and I already have a NAT for an email server on it. Here is the IP and ports on current configuration:
Email Server Private IP: 1.1.1.1
Email Server Public IP: 2.2.2.2
Email Server Local Ports : 25, 587
Right now I have ports 25 and 587 opened for 2.2.2.2 so, now I need to add a port redirection for another port:
New Port : 8925
I need to redirect 2.2.2.2:8925 to 1.1.1.1:587
Jul 14, 2011
Is it possible to configure the RV220W to forward ports without connecting to the SSL VPN?
Jan 23, 2012
I would like to be able to do SSH port forwarding from outside to an IP address inside. Normally, this is very straightforward.
The problem now is that if I do so, then the LAN to LAN VPN stops working! There is a LAN to LAN VPN working flawlessly (so far) between an ASA 5505 and a Cisco 861 Integrated Router. However, I would like also to give SSH access to an IP address behind the Cisco router. The moment I do this the VPN breaks!
I attached the Cisco 861 router configuration, where the problem shows. The ASA has public IP X.X.X.105 and the router has X.X.X.105. These two are used for the VPN tunnel.
The internal network in the ASA is 10.115.16.0/24 and 192.168.10.0/24 in the router. These talk to each other using the tunnel. But, the moment I try to forward port 22 in the router from X.X.X.107 to 192.168.10.30 the VPN breaks! I do that with the following line: ip nat inside source static tcp 192.168.10.30 22 X.X.X.107 22. Obviously, something is eluding me. The configuration is rather short and simple. But, I'm a newbie with Cisco router configuration. Note that the tunnel stays up after I use the natting entry and I can talk from the router to the ASA, but not the other way around! The router is Cisco 861 with IOS version 15.0(1)M7.
Apr 11, 2013
I'm having a problem with port forwarding/redirection for the PIX 501? I'm trying to open the ports 49003 and 40085 in order to view our DVR remotely and I'm not exactly sure how to do it.
Nov 29, 2011
I need to forward to IP address 192.168.11.61 [code]
What command should I give, and how can I apply it in my router as per my above-mentioned requirement?
Sep 5, 2011
I configured my Linux server to accept UDP port 4669 and 4769. That was easy for me. That's only a small part of the work. I got a remote Cisco Router 1841. I need to allow UDP port 4669 and 4769 on the router. Traffic passing port 4669 should go to Server0 (192.168.XX.XXX) on port 4569 and traffic passing port 4769 should go to Server1 (192.168.XX.XXX) on port 4569, and it should be vice versa. For example, traffic coming from Server0 using port 4569 should go out on port 4669 to reach my local server.
Nov 5, 2012
I have an issue with port forwarding in my TeleEye CCTV behind ASA 8.4. I can browse the DVR outside via HTTP, however when I attempt to log in, "server busy" will prompt afterwards. Note: There's no issue when accessing the DVR locally.
Here's my config.
OUTSIDE INTERFACE:
interface Ethernet0/3
speed 100
duplex full
[Code]...
Aug 17, 2011
We have the following port forwards set up on a Cisco 800s router. All internal IP addresses are NATd out to the IP on fa4 which is the external interface. Traffic received on fa4 is forwarded to different servers depending on the type of traffic received.
We can browse the internal websites from the internet fine, but there is one internal server 192.168.1.7 that uses a db server (192.168.1.5). It accesses it on its external IP (fa4) on port 1433 but for some reason the connection does not work. Could this be because the source and destination IP addresses are the same IP address?
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.7 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.1.7 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.7 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.5 1433 interface FastEthernet4 1433
ip nat inside source static tcp 192.168.1.7 990 interface FastEthernet4 990