Allow one external IP to use NAT on Cisco ASA 5510 Sec Plus

Unanswered Question
May 3rd, 2012

I keep struggling with Cisco ASA. Can someone explain to a systems engineer with noob experience in networking how I can make a certain NAT (RDP, SSL or whatever) and secure it by allowing just one external client with a fixed internet IP to make use of this NAT?

Thanks, Talis

mayrojas Thu, 05/03/2012 - 07:10

Talis,

I understand your frustration. What exactly are you trying to accomplish here? It can be interpreted in many ways.

1- Do you want the internal host to be NATted when going to a specific IP address on the internet, or

2- Do you want the host already translated to be accessed by one specific host on the internet?

Mike

talismaniak Thu, 05/03/2012 - 11:07


Hi Mike,

Thank you for understanding ;-)

I know how to make a NAT, that's pretty easy, but what I don't understand is how to stop everybody from accessing this NAT. Let me explain with two examples:

- When I'm at home I want RDP access to my corporate network, so I want my IP to be able to access one of the Remote Desktop servers and deny requests from other IPs than myself
- An external supplier needs to have LDAP access to the domain controller, so I only want his IP to be able to access it.

So whatever fits best.

Do I need to make an access-list like "access-list TEST extended ip host 255.255.255.255"
and a "static (inside,outside) access-list TEST"?

Thanks Talis

mayrojas Fri, 05/04/2012 - 09:28

Hello Talis,

I would do it backwards, on the outside interface I mean. Like this:

access-list outside permit tcp host <your-public-IP> host <server-IP> eq 3389

By default there is an implicit deny any any, so in the end it is only your host that is going to be able to access the specified server.

Mike
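
The approach from the reply above, written out as a full configuration with a verification step. This is an added example, not part of the original posts. The thread does not state the ASA software version, so both NAT syntaxes are shown; all addresses are constructed documentation-range values, and the names OUTSIDE_IN and RDP_SERVER are assumptions.

```cisco
! Constructed values: 198.51.100.25 = the one permitted external client,
! 203.0.113.10 = public (mapped) address, 192.168.1.20 = internal RDP server.
! OUTSIDE_IN and RDP_SERVER are assumed names. Only one ACL can be bound per
! interface and direction: if an ACL is already applied inbound on the outside
! interface, add the permit line to that ACL instead of binding a new one.

! --- ASA 8.2 and earlier: the ACL matches the mapped (public) address ---
static (inside,outside) tcp 203.0.113.10 3389 192.168.1.20 3389 netmask 255.255.255.255
! Too open (anyone on the internet can reach RDP):
!   access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 3389
access-list OUTSIDE_IN extended permit tcp host 198.51.100.25 host 203.0.113.10 eq 3389
access-group OUTSIDE_IN in interface outside

! --- ASA 8.3 and later: the ACL matches the real (internal) address ---
object network RDP_SERVER
 host 192.168.1.20
 nat (inside,outside) static 203.0.113.10 service tcp 3389 3389
access-list OUTSIDE_IN extended permit tcp host 198.51.100.25 host 192.168.1.20 eq 3389
access-group OUTSIDE_IN in interface outside

! --- Verify: first trace should be allowed, second dropped by the implicit deny ---
packet-tracer input outside tcp 198.51.100.25 50000 203.0.113.10 3389
packet-tracer input outside tcp 198.51.100.99 50000 203.0.113.10 3389
! Hit counters on the permit line confirm which source is matching
show access-list OUTSIDE_IN
```

The same pattern covers the supplier's LDAP case: one more permit line with the supplier's address as the source host and the LDAP port as the destination port.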

Posted May 3, 2012 at 5:40 AM