
ASA 5510 port forwarding

aa123123aa
Level 1

Hello, I've got an ASA 5510

Using ASDM 6.4

And I'm trying to configure SSH port forwarding

Basically, I've got an old firewall server that I'm replacing right now with the ASA 5510

But as of now, I still need to access the old firewall via SSH from outside through the ASA

So let's assume my old firewall IP address is 10.0.1.1

I apologize if I haven't explained myself well enough,

Please don't ask me if I've tried this or that, because I've absolutely no idea where to even begin. I've tried for 2 days to make it work...

So explain it to me like you would explain something to a retarded person

5 Replies

Tom Marcoen
Level 1

If you have absolutely no idea what you are doing, I think you best either hire an expert, or start with buying CCNP Security books (FIREWALL would contain the most useful information).

If you are familiar with the ASA and its configuration, it again depends on the version of software you are running. The configuration of NAT changed dramatically in version 8.3. If you can give the version of the ASA software (not the ASDM), we can further assist in setting up port forwarding (NAT translation).

Well, I said it because I wanted the explanation to be detailed and not just "do NAT"

I have a nice understanding of Cisco syntax, network topology, etc.

I've defined the static route and other configuration already

As for your question,

The software version is 8.4(4)

Sorry if I've made things complicated

And thanks again.

Hi Bro

If you need to configure SSH Forwarding, then the command below should work.

STATIC NAT in Cisco FW (version 8.2.X and below)

==================

    static (inside,outside) tcp 202.188.1.5 22 192.168.1.5 22 netmask 255.255.255.255

The above example means that, from the Internet cloud, if someone were to SSH to the Public IP Address 202.188.1.5, it will be directed to the equipment in the Private LAN 192.168.1.5.

P/S: If you think this comment was helpful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi Ramraj

This isn't really helpful since I've got version 8.4

Anyhow, I've managed to do the port forwarding, and it worked

But now I've got another port forwarding to do

I've got another machine on my network that I want to SSH into

Besides the one that I've already configured,

Basically what I want is that when a machine from the outside addresses the Public IP using Port 5000 (or w.e)

To redirect it to the LAN machine which, let's say, has the IP address 10.X.X.X port 22

Any suggestions?

Hi,

Basically the format for that port forward would be this.

I'm just using random values for interface names and IP addresses

LAN interface: inside

WAN interface: outside

LAN device IP: 10.10.10.10

    object network SSH-PORTFORWARD
     description TCP5000 to TCP22
     host 10.10.10.10
     nat (inside,outside) static interface service tcp 22 5000

Basically the above should forward TCP/5000 traffic arriving to the IP address of the "outside" interface on the ASA to the port TCP/22 on the host on the LAN with the IP address of 10.10.10.10 (Hopefully I didn't mess up the order of the port numbers in the above configuration)

- Jouni
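The port forward from the reply above, shown together with the outside ACL entry and verification commands it needs on 8.3 and later. This is an added example, not part of the original post; the ACL name OUTSIDE-IN, the admin source network 198.51.100.0/24 and the outside interface address 203.0.113.2 are constructed placeholders.

```cisco
! Added example. ACL name and the 198.51.100.x / 203.0.113.x addresses
! are constructed placeholders, not values from the thread.
!
! NAT rule from the reply: outside interface TCP/5000 -> 10.10.10.10 TCP/22.
! The "service" keyword takes the real port first, then the mapped port.
object network SSH-PORTFORWARD
 description TCP5000 to TCP22
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 22 5000
!
! From 8.3 onward the interface ACL matches the real (inside) address and
! real port, so the entry permits 10.10.10.10 eq 22, not the public IP
! eq 5000. The source is limited to the admin network rather than "any",
! so the forwarded SSH service is not reachable from the whole Internet.
access-list OUTSIDE-IN extended permit tcp 198.51.100.0 255.255.255.0 host 10.10.10.10 eq 22
!
! Only needed when no ACL is bound to the outside interface yet. If one is
! already bound, add the permit line to that ACL instead, because an
! interface holds a single inbound ACL.
access-group OUTSIDE-IN in interface outside
!
! Verification: confirm the translation exists, then simulate an inbound
! connection to the mapped port and check that it is un-translated to
! 10.10.10.10/22 and allowed by the ACL.
show nat detail
packet-tracer input outside tcp 198.51.100.10 40000 203.0.113.2 5000
```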
