ASA 5505

Danny Guillory Jr · ‎10-14-2008

I would like to have a device on my network accessable from the outside world through ANY port

i have tried using the cmd lines below but with no luck...

access-list outside_access_in extended permit tcp any host 1.2.3.4

access-list outside_access_in extended permit tcp any host 1.2.3.4 eq any

anyone have any ideas?

Jon Marshall · ‎10-14-2008

Have you setup Nat for this host ? eg.

static (inside,outside)

Jon

Danny Guillory Jr · ‎10-14-2008

yeah i have

static (inside,outside) 1.2.3.4 10.2.2.35 netmask 255.255.255.255

suschoud · ‎10-14-2008

is the " access-g outside_access_in in interface outside " in place ?

Regards,

Sushil

Danny Guillory Jr · ‎10-14-2008

nope expectially since i have no idea what the access-g is!

suschoud · ‎10-14-2008

an access list is of no use till the time it is applied on an interface.

through " access-group " command we apply an access list on an interface.

PLease add the command from my previous post...should work.

Do rate helpful posts.

Regards,

Sushil

JORGE RODRIGUEZ · ‎10-14-2008

In addition to placing the access-group couple of things you may want to check in the event that you already have access-group outside_access_in in interface outside statement in firewall and still no connection.

1-Make sure the server does not have any firewall of its own enable

2- Make sure the server does indeed listen on ports intended, example lets say port 80 for web, or SSL, telnet, ftp etc..

3- do a telnet test towards the server pub ip from an outside host if you can on the ports the server is listening on.

c:\telnet

look at the logs on asdm see what it tells you while you try connection from the outside.

Rgds

Jorge

Jorge Rodriguez