THX; but is the "inbund access rule" mean the "outside_access_in" rules in ACL Manager?

Is it setting correct?

permit any tcp 202.**.***.211

is 202.**.***.211 the ip address of your asa5505 outside interface or is it a spared public IP.

If using outside interface for mapping inside host.

I will trow few examples for few different scenarios.

example-1 :

allowing RDP using outside interface -

static (inside,outside) tcp interface 3389 3389 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq 3389 log

access-group outside_access_in in interface outside

example-2

if u want to map several inside hosts using outside ASA5505 interface IP you can do port forwarding:

say you want to allow ftp, www, and 33389 for RDP local lan IPs 192.168.1.10, 11, 12

static (inside,outside) tcp interface 21 192.168.1.10 21 netmask 255.255.255.255

static (inside,outside) tcp interface 80 192.168.1.11 80 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 192.168.1.12 3389 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq 21 log

access-list outside_access_in extended permit tcp any interface outside eq 80 log

access-list outside_access_in extended permit tcp any interface outside eq 3389 log

access-group outside_access_in in interface outside

example-3

if you have just a single spared public IP you can use is for one static NAT as follows: say public IP is 20.20.20.20

static (inside,outside) 20.20.20.20 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 20.20.20.20 eq 3389 log

access-group outside_access_in in interface outside

you can also do port forwarding with a single spared public IP as shown in example 1

Regards

PLS rate any helpful post if it helps

202.**.***.211 is the spared public IP so I only need to map it to 192.168.1.10 like existing setting. And I need it can be http access, ftp access and remote access on the Internet. Thx

then you simply need static NAT and inbound access rule.

static (inside,outside) 202.**.***.211 192.168.1.10 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 202.**.***.211 eq ftp log

access-list outside_access_in extended permit tcp any host 202.**.***.211 eq http log

So Is the setting in attachment(NAT, Access list) correct now?

(I am not care which service pass from outside in this moment)

quote from show run:

"access-list outside_access_in extended permit tcp any host 202.**.***.211

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,inside) 202.**.***.211 192.168.1.10 netmask 255.255.255.255 "