Cisco WAN :: Check ASA 5505 Port Forwarding Configuration
Apr 23, 2012
I've configured port forwarding on an ASA 5505 to connect to an Access Point web administration.This Is for testing purposes only. I've followed the guidelines for port forwarding and I've created an access list but I can't connect to the AP.I know It's working because It connects fine when connected to my speedtouch router.I've attached a running-config.I'm getting hit counts on the ACL and I'm getting untranslate_hits on the nat but no translate hits.
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
!
[code]......
View 2 Replies
ADVERTISEMENT
Dec 2, 2011
So here is my network.
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960. From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841. I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
The bottom line is that i want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
how do i make it listen on different port?
Here is relevent config for SSH for cisco 1841 (port forwarding)
ON ASA
object network ROUTER
host 10.10.1.1
[Code].....
View 28 Replies
View Related
Sep 2, 2012
I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox.
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
View 3 Replies
View Related
Oct 30, 2012
Trying to do port forwarding so that one particular host located on the WAN can get access to a LAN box on a specific port via the public IP.
Here's what I've setup on the ASA (IP addresses and port number have been changed to protect the innocent):
View 1 Replies
View Related
Jan 23, 2012
I would like to be able to do SSH port forwarding from outside to an IP address inside. Normally, this is very straighforward.
The problem now is that if I do so, then the LAN to LAN VPN stops working!.There is a LAN to LAN VPN working flawlesly (so far) between an ASA 5505 and a Cisco 861 Integrated Router. However, I would like also, to give SSH access to an IP address behind the Cisco router. The moment I do this the VPN breaks!
I attached the Cisco 861 router configuration, where the problem shows. The ASA has public IP X.X.X.105 and the router has X.X.X.105. These two are used for the VPN tunnel.
The internal network in the ASA is 10.115.16.0/24 and 192.168.10.0/24 in the router. These talk to each other using the tunnelt. But, the moment I try to forward port 22 in the router from X.X.X.107 to 192.168.10.30 the VPN breaks! I do that with the following line: ip nat inside source static tcp 192.168.10.30 22 X.X.X.107 22.Obviously, something is eluding me. The configuration is rather short and simple. But, I'm a newbie with Cisco rotuer configuration. Note that the tunnel stays up after I use the natting entry and I can talk from the router to the ASA, but not the other way around!The router is Cisco 861 with IOS version 15.0(1)M7.
View 1 Replies
View Related
Mar 16, 2011
We have an ASA 5505 and I need to set up port forwarding for an unusual port number which will be used for FTP on an IIS server.It's a bit complex as there are 3 VLANs: these are called ISP, Server and LAN-side VPN. We need to add a TCP port 8521 forward from the server's IP in Server WAN to ISP WAN VLAN with public IP address.
View 1 Replies
View Related
Jun 27, 2011
We are trying to install filter software at our main location and branches. The admin console has been installed at the main branch, but I need to allow access to ports 58000-58003 through our firewall in order to successfully install the software at our branches.
View 1 Replies
View Related
Feb 25, 2013
have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.All this box really does is port forward external clients to 1 address on the internal lan for client software updates.So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.
View 16 Replies
View Related
Dec 6, 2012
I have ASA5505 and am having issue with port forwarding NAT . [code]
View 11 Replies
View Related
Sep 1, 2012
I have the following configuration in my ASA 5505 and I'm having problems connecting with other players on my XBox (moderate NAT).
I think my problem is that I need to forward ports tcp:3074, udp:3074, and udp:88 to my xbox which is at 192.168.2.50 (vlan 3 below).
[code]
# sh run
: Saved
:
[Code].....
View 3 Replies
View Related
Oct 1, 2012
I am trying to forward specific ports from the outside interface on my ASA5505 to my servers inside and can not get it to work! I have a VPN that currently works and the firewall rule in place I am just overlooking something simple I'm sure. Here is the config:
ASA Version 8.2(5)
!
hostname ASA
enable password <removed>
passwd <removed>
[Code]...
View 16 Replies
View Related
Apr 2, 2013
interface GigabitEthernet0/0
ip address x.x.x.36 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
[Code]
ip nat inside source static tcp 192.168.1.252 22 x.x.x.36 6922 extendable
ip route 0.0.0.0 0.0.0.0 x.x.x.33
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit any
Anything wrong with my config? port forwarding to my ssh wont work. Im using CISCO 1900 Series.
View 10 Replies
View Related
Mar 15, 2012
We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.
We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?
The equipment is: ASA 5505ASA Version 7.2(4)ASDM Version 5.2(4) I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general.
View 19 Replies
View Related
May 20, 2012
I have ASA 5505 with 8.4(2)8 software for one of my branch offices and I can't configure port forwarding.It seems to be very simple, but it's not working. I use my ASA as a gateway to the internet for users in office and for site-to-site IPSec VPN to HQ. I have pppoe-enabled outside interface, but ISP gives me static routable ip address. I have server behind my firewall and I should "publish" to the WAN some of its' tcp and udp ports, but I see that no packets forwarded through ASA. I tried to configure PAT as stated in official "Cisco Security Appliance Configuration Guide" through CLI and ASDM.[code]
View 4 Replies
View Related
Dec 27, 2011
I have Cisco ASA 5505 Firewall with security plus license, Currently I open ports on 25,80,443 on public IP address 1.1.1.1 and perform static nat between the inside and outside IP address Such as i configured via CLI
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 80
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 443
access-list OUT_IN extended permit tcp any host 1.1.1.1 eq 25
[Code]......
View 1 Replies
View Related
Apr 19, 2013
I have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work, and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.My network topology is this: (internet)-------(ASA 5505)----------(3550)-------(CM32 Access Server)----------(Cisco Rack) This is how I setup my remote access:
Code:
ssh 0.0.0.0 0.0.0.0 outside
View 8 Replies
View Related
May 12, 2011
how to set up port forwarding for inbound SSH?
The outside interface on the ASA is on DHCP. I have a single dynamic public IP from my ISP. The inside interface provides Internet access for the network using NAT.
I have a server on the internal network with an IP of 192.168.0.6 and I would like to access this via SSH (TCP port 22) from outside.
I've been able to do this in the past on a PIX with a static public IP block, but I'm new to ASA and I don't know how to do it with PAT.
Current running config attached for what it's worth, but it's pretty basic at the moment.
View 3 Replies
View Related
Jan 6, 2013
I want to port forward, so i can broadcast using icecast but it requires me to access my router. I follow the steps from Setting a Static IP Address in Windows 7 - PortForward.com but from step 4 where i have to access my router in my browser,i write my ip which is: 10.0.0.4 according to cmd, and i just get a "Oops! Google Chrome could not connect to 10.0.0.4" message.I have attached a picture showing info from my cmd. It's in danish but i don't think that should be a problem.
View 3 Replies
View Related
May 15, 2012
I have an ADSL connection which I would like to have my Cisco Soho 97 ADSL router configured to dialup and forward to port 8080.
My network is 192.168.1.0/24
Router is 192.168.1.1
Server is 192.168.1.4 - Default gateway is 192.168.1.1
I am able to connect using the script below and get a public ip address but i cant get it to connect to the internet?what command to use for port forwarding to 8080?
hostname Router
!
!
ip subnet-zero
ip name-server 212.23.8.1
ip name-server 212.23.3.1
ip dhcp excluded-address 192.168.1.1
[code]...
View 5 Replies
View Related
Nov 20, 2011
I have recently replaced an RV082 router that had failed with a new RV082. The previous router was set up to forward port 443 ssl requests to a server in the network. Worked flawlessly for years and that is why I replaced it with same model. The new router is also set up to forward port 443 ssl requests to the new server. The issue is that the router responds with its own certificate and does not forward the request to the server.
View 5 Replies
View Related
Apr 11, 2012
I have an RV082 V2 with 2.0.2.01-tm and I am having trouble with getting my Sprint Airvana to connect properly to the mobile service. I've read on the Sprint forums indicate putting the Airvana in the DMZ generally allows the device to work properly; however, none have the RV series routers for tips on how to do this appropriately. This device used to work fine behind the RV082, but I reset it one day and it no longer works.
The Airvana is a femtocell/router device with a WAN port and 3 LAN ports. If I connect the Airvana directly to my cable modem, I get the appropriate connection and can then make calls through the device instead of through the Sprint connection; I live in a basement unit and get crappy signal without the device. This proves the device works and that my ISP is not blocking the ports. Sprint indicates the device uses UDP 53, 67, 68, 500 and 4500. Their support sucks and they insist I put the Airvana before my router. I absolutely do not want to use the Airvana as the router. There are almost no configuration options in the router interface and it needs to be rebooted somewhat regularly, which would drop internet access throughout the house for 10-15 minutes while it reboots and finally establishes an internet connection.
As soon as put the Airvana behind the RV082, I no longer get the appropriate connection. I can, however, plug my computer into one of the LAN ports on the Airvana and connect to the internet in general. I have the router assign a static IP to the Airvana, and tried forwarding the required UDP ports to the IP. This did not fix the problem.
I can certainly troubleshoot the port forwarding issues, but I would also like to look into putting the device into the DMZ, if possible. I've not worked much in this area, so I am unsure how to appropriately configure the router to allow this to happen. Is it possible to have the Airvana in the router DMZ without having a public IP for the device itself?
View 2 Replies
View Related
Dec 16, 2012
Doing a port forward for remote desktop with asa 5505 9.1.1 and asdm 7.1.1 I could have done this with the previous versions of asdm but now it even more confusing?
View 21 Replies
View Related
Jan 26, 2013
just getting started with ASA's. I've got my 5505 almost 100% configured but my port 25 forward to my Exchange server. Currently I've got an access list forwarding all traffic that hits the outside interface on port 25 to my Exchange server (access-list outside-in extended permit tcp any object mail-port-25 eq smtp). What I'd like to do now is say that only port 25 traffic from specific IP subnets gets forwarded. I thought I read that there's a couple of way to do this (from the inside interface, from the outside interface).
Also, what happens to port 25 hits that don't fall within the range I specify? Do they get a disconnect reply or do they just get ignored (no reply whatsoever)?
Edit: ...just to clarify, the allowed IP's I will be entering are the WAN IP's of my AS/AV service.
View 6 Replies
View Related
Jun 26, 2012
I am trying to port forwarding Exchange 2010 OWA using ASA5505, wherever I used object NAT or Twice NAT it just doesn't work.... here is my config:
access-list outside-access remark "Exchange Server Access Rules"
access-list outside-access extended permit tcp any host <public x.x.x.11> eq smtp
access-list outside-access extended permit tcp any host <public x.x.x.11> eq https
[code]...
note that i use public ip <public x.x.x.9> on the outside interface for PAT, so all hosts in the same private can access internet
View 1 Replies
View Related
Jan 15, 2013
Here is my environment: DSL Modem - ASA 5505 - switch ,Inside network (192.168.2.0/24)
What I have successfully done:
- Modem online and passing on DHCP requests from the ASA to my ISP (ASA does get an internet address on the outside interface)
- ASA assigning DHCP to internal network
- All internal clients can access the internet.
What I am getting stuck on is getting NAT rules set up for simple port forwarding. What I would like: ANY internet address be able to access a server on the inside network address (192.168.2.x) over tcp/22 . I set up what I believe to be the correct NAT rule and Access Rule, but the packet tracer fails. Here is my config.
ASA Version 9.1(1)
hostname xxxxxx
domain-name ugh
enable password xxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[code]......
View 6 Replies
View Related
Mar 3, 2011
I was changing the port forwarding configuration when suddenly the router stopped working, and now the "D-Link" light is constantly on, and the power light and the 4 LAN lights are flashing. Nothing worked, resetting, or unplug and plug again in a short time.
I disconnected it for 12 hours, and when I plugged in again, it kinda worked, and the settings where factory defaults, so when I tried to connect it to DSL via PPoE, when ( I believe ) it reboots to accept the changes, it starting flashing again and completely stopped working.
So I waited 12 hours more unplugged, plugged it and it worked, and the setting from 12 hours earlier were still there. But when trying to connect to the DSL it stopped working AGAIN.
Now I don't know what to do. I guess I am going to keep trying connecting with little differences, until something.
I believe it still has warranty but since the is no official service in Uruguay, it isn't economically viable to send it overseas.
I am currently connected directly to the DSL, sharing connection to other computers through a switch and hosting an ad-hoc wireless network, but the performance is terrible and the wireless range is minimal.
View 1 Replies
View Related
Oct 9, 2011
I vave a zyxel p-660HW-T1 v2.I need to do PORT FORWARDING since I want to use an IP Camera in order to have remote access to video.I do not find PORT FORWARDING in the modem configuration. I find NAT, but not port forwarding.
View 1 Replies
View Related
Apr 7, 2013
I am trying to open up port 32400 on my 881w Cisco router but I have not had any success I need to configure manual port-forward to enable my Plex Media server.
View 1 Replies
View Related
Feb 4, 2012
Yesterday, myself and local support team has been engaged to perform troubleshooting the issue of some web site accessing .Mos of this case is cased by MTU issue, So, I've tried to configure the following configuration on interface tunnel 0.Device: Cisco 7609 with IOS s72033-adventerprisek9_wan-mz.122-18.SXF8.bin
I've tried to figure out what the supporting command after 'ip tcp' in tunnel 0 and following likes..ip tcp ?compression-connections Maximum number of compressed connectionsheader-compression Enable TCP header compression.there is no such command about 'ip tcp adjust-mss.So, my questions is that what is the replace command for 'ip tcp adjust-mss' ? Is this only support on Router? such as Cisco 7200. or not, to take effect same functional on C7609, what is the command for that?
View 3 Replies
View Related
Nov 22, 2012
Is there a way to check the hardware status of an ASA 5505 ? I am thinking of a command or a script to execute.
View 3 Replies
View Related
Apr 22, 2013
how to: port forwarding to 2 different destinations based on incoming WAN port
The default HTTP service works fine: TCP80/80-> 192.168.0.55
I have a couple of IP security camera's I'd like to be able to access remotely that also listen on port 80. I tried TCP & UDP 8009/8009-> 192.168.0.9 without any luck. Not sure how to handle the port redirects on the RV042G? Seems simple and was on the Symantec, could be user training :-)
I was able to do port redirect with the Symantec Firewall I'm replacing.
View 2 Replies
View Related
Oct 11, 2012
Is it possible to create a service which will forward public port 9010 to an internal IP address with port 23 ?
First of all, I do not like to open the public Telnet port to the inside so I would use another public port and second my ISP does not allow some public ports beneath port 80
View 2 Replies
View Related
Dec 25, 2011
We have configured a Fex port as acces port but the port no up becouse appear in suspended state, i think the problem is a vlan mistmach as appear in the consistence-parameter information but i not found in what part allow the correct vlan, the N2K are connected to 2 N5K, and 5K are connected to2 N7K
%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 41 on Interface Ethernet101/1/48 are being susp ended. (Reason: Vlan is not configured on remote vPC interface) [code]
View 4 Replies
View Related
