ASA5505 Question

sonitadmin
Level 1

New to the ASA series. I am installing a 5505 later today. Company has two buildings connected via fiber. ASA will go behind the router and into a switch connecting the two.

Main goal is to protect an iSeries webserver on their internal network. Inside interface is configured with internal network of 172.20.x.x. Outside with static from ISP, 209.143.x.x.

Being new to this, I'm assuming I need an access rule to allow traffic from the WAN to the iSeries box. My current rule is set up like this.

outside, incoming, permit, any (0.0.0.0) to 172.20.x.x (IP of iSeries). Protocol is TCP, service on source = any, service on destination = http/www.

My question is, is this correct? Any help would be appreciated.

2 Replies

hoogen_82
Level 4

For permitting traffic from outside to inside you need two things: one is your access-list statement and the other is your NAT statement.

Ideally I guess you should be looking at port forwarding.

So your statements could be.

access-list outside_inside extended permit tcp any host 209.143.x.x eq www

and your NAT statement would be

static (inside,outside) tcp interface www 172.20.x.x www netmask 255.255.255.255

Assuming your interface ip is 209.143.x.x.

HTH

Hoogen

Do rate if you find this post useful :)

acomiskey
Level 10

Depending upon what the outside address of the server is you will have something like this...

static (inside,outside) 209.143.x.x 172.20.x.x netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 209.143.x.x eq www

access-group outside_access_in in interface outside

or if the outside address of the server is the same as the outside interface of the ASA you can do...

static (inside,outside) interface 172.20.x.x netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 209.143.x.x eq www

access-group outside_access_in in interface outside

or if you just want to port forward port 80...

static (inside,outside) tcp interface www 172.20.x.x www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 209.143.x.x eq www

access-group outside_access_in in interface outside
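
An offline check for the three pieces the replies above combine: the static port forward, a permit written to the translated (outside) address, and the access-group binding. This is an added example, not code from the thread or from Cisco. It parses only the pre-8.3 command forms shown here, and the addresses 203.0.113.10 and 172.20.1.10 and the function name `audit` are assumptions made for illustration.

```python
import re

# Constructed sample in the pre-8.3 syntax used in the replies above.
# 203.0.113.10 / 172.20.1.10 are placeholder addresses, not values from the thread.
GOOD = """\
static (inside,outside) tcp interface www 172.20.1.10 www netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_access_in in interface outside
"""

STATIC = re.compile(r"static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL = re.compile(r"access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def port(p):
    return "80" if p == "www" else p  # the ASA prints port 80 as "www"

def audit(config, interface_ip):
    """Return (finding, inside_ip) pairs, one per misconfigured TCP port forward."""
    statics, acls, bound = [], [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.append(m.groups())
        elif m := GROUP.match(line):
            bound.add(m.groups())          # (acl_name, interface)
    findings = []
    for _real_if, mapped_if, mapped_ip, mapped_port, real_ip, real_port in statics:
        if mapped_ip == "interface":       # forward uses the ASA's own outside address
            mapped_ip = interface_ip
        permits = [n for n, ip, p in acls
                   if ip == mapped_ip and port(p) == port(mapped_port)]
        if not permits:
            # Pre-8.3, the outside ACL is matched against the translated address,
            # so a permit written to the inside address never matches.
            wrong = any(ip == real_ip and port(p) == port(real_port) for _, ip, p in acls)
            findings.append(("acl-uses-inside-address" if wrong else "no-permit", real_ip))
        elif not any((n, mapped_if) in bound for n in permits):
            findings.append(("acl-not-bound", real_ip))
    return findings

if __name__ == "__main__":
    print(audit(GOOD, "203.0.113.10"))
```
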
