11-12-2007 07:44 AM - edited 02-21-2020 01:47 AM
I have recently inherited a network with an ASA 5505 at a remote office. Users there have a server that needs to be accessible from the outside. I would like to put this server in a DMZ and use port forwarding (I have the security plus license already installed). I can only find the ASDM instructions for this - there has to be CLI commands for this. Can someone please respond with either the instuctions or the link where I can find them?
11-12-2007 09:03 AM
Will you be using the ASA outside interface IP? if so this thread should get you up and running for port forwarding , replace your static entry to reflect DMZ interface , static(DMZ,outside) etc.. , come back if any questions.
11-12-2007 06:59 PM
First of all - thank you - both for your response.
Yes - the ASA outside interface IP will be used for the server as well.
Here is what I have created so far
An Object-group:
Object-group service SERVER tcp
description TCP Passthrough Ports
Port-object range XXXX-XXXX
Port-object range xxxx-xxxx
Port-object range eq xxxxx
An access list outside_access_in:
access-list outside_access_in extended permit tcp any host (outside IP) object-group SERVER
And applied this access list to the outside interface:
access-group outside_access_in in interface outside
Is this correct?
Would the static look like this?
static (DMZ,outside) (outside IP) (DMZ server IP) netmask 255.255.255.255
Do I need a global (outside) statement?
11-13-2007 05:24 AM
your static should look as :
static (DMZ,outside) interface
for global leave as is if Im not mistaken it should already have statement as " global (outside) 1 interface "
11-14-2007 03:23 PM
This worked! Thank you much!
11-12-2007 09:32 AM
Hello,
Here is an example of the configuration guide for PIX and ASA version 7.2, check it out and use for further reference.
11-12-2007 09:33 AM
Ups!!! sorry, here is the link:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043281
11-14-2007 03:23 PM
Thank you - I have been looking for this without luck.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: