My company uses a Cisco ASA 5505 Adaptive Security Appliance, and I am trying to set up an SFTP server that can be accessed from the Internet.
Is there any way to simply set up port forwarding for my FTP port (4610) to the IP address with the server, as I would do on a simple Linksys router? Or do I need to set up some sort of DMZ?
Any help would be greatly appreciated.
Can you use the 192.168.1.106 IP address from inside?
If you definitely want to use the outside address from the inside you need something called hairpinning.
same-security-traffic permit intra-interface
global (inside) 1 interface
nat (inside) 1 0 0
static (inside,inside) <outside-ip> 192.168.1.106 netmask 255.255.255.255
No, you don't necessarily need a DMZ; inside will work fine. I assume you will want to use the IP of the outside interface of the ASA for this? If so, it would look something like this, where x.x.x.x is the inside/private IP of the FTP server.
static (inside,outside) tcp interface 4610 x.x.x.x 4610 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 4610
access-group outside_access_in in interface outside
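
An added example, not part of either reply: a small Python check that parses the pre-8.3 ASA commands shown in this thread and reports interface port forwards that have no bound ACL permit, or whose permit allows any source. The sample config, the second forward (port 8080, host 192.168.1.107) and the function name audit are constructed for illustration.

```python
import re

# Constructed sample in the pre-8.3 syntax used in this thread.
# 192.168.1.106 stands in for x.x.x.x; the 8080 forward is made up.
SAMPLE = """\
static (inside,outside) tcp interface 4610 192.168.1.106 4610 netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.1.107 8080 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 4610
access-group outside_access_in in interface outside
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
PERMIT = re.compile(r"^access-list (\S+) extended permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) interface (\w+) eq (\d+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config):
    """Return findings for interface port forwards and the ACLs exposing them."""
    forwards, permits, bound = [], [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            # (mapped interface, protocol, public port, real host)
            forwards.append((m[2], m[3], int(m[4]), m[5]))
        elif m := PERMIT.match(line):
            # (acl name, protocol, source, interface, port)
            permits.append((m[1], m[2], m[3], m[4], int(m[5])))
        elif m := GROUP.match(line):
            bound.add((m[1], m[2]))  # ACL applied inbound on this interface
    findings = []
    for ifc, proto, port, host in forwards:
        hits = [p for p in permits if p[1] == proto and p[3] == ifc
                and p[4] == port and (p[0], ifc) in bound]
        if not hits:
            findings.append(f"{proto}/{port} -> {host}: no bound ACL permit on {ifc}")
        elif any(p[2] == "any" for p in hits):
            findings.append(f"{proto}/{port} -> {host}: open to any source on {ifc}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the `static ... interface` and `permit ... interface <name> eq <port>` forms from this thread are recognised; other NAT or ACL forms are ignored by this check.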