ASA 5505 DMZ config question - CLI

Unanswered Question
Nov 12th, 2007
User Badges:

I have recently inherited a network with an ASA 5505 at a remote office. Users there have a server that needs to be accessible from the outside. I would like to put this server in a DMZ and use port forwarding (I have the security plus license already installed). I can only find the ASDM instructions for this - there has to be CLI commands for this. Can someone please respond with either the instuctions or the link where I can find them?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Mon, 11/12/2007 - 09:03
User Badges:
  • Green, 3000 points or more

Will you be using the ASA outside interface IP? if so this thread should get you up and running for port forwarding , replace your static entry to reflect DMZ interface , static(DMZ,outside) etc.. , come back if any questions.

kwhitley1 Mon, 11/12/2007 - 18:59
User Badges:

First of all - thank you - both for your response.

Yes - the ASA outside interface IP will be used for the server as well.

Here is what I have created so far

An Object-group:

Object-group service SERVER tcp

description TCP Passthrough Ports

Port-object range XXXX-XXXX

Port-object range xxxx-xxxx

Port-object range eq xxxxx

An access list outside_access_in:

access-list outside_access_in extended permit tcp any host (outside IP) object-group SERVER

And applied this access list to the outside interface:

access-group outside_access_in in interface outside

Is this correct?

Would the static look like this?

static (DMZ,outside) (outside IP) (DMZ server IP) netmask

Do I need a global (outside) statement?

JORGE RODRIGUEZ Tue, 11/13/2007 - 05:24
User Badges:
  • Green, 3000 points or more

your static should look as :

static (DMZ,outside) interface netmask

for global leave as is if Im not mistaken it should already have statement as " global (outside) 1 interface "

msosabar Mon, 11/12/2007 - 09:32
User Badges:


Here is an example of the configuration guide for PIX and ASA version 7.2, check it out and use for further reference.

kwhitley1 Wed, 11/14/2007 - 15:23
User Badges:

Thank you - I have been looking for this without luck.


This Discussion