Solved: ASA 5520 question

kneaadmin · ‎03-24-2012

I need some help opening up some ports for a sftp client at work.

software version 8.0 (3)

device manager version 6.1 (1)

Thanks for any help.

John Blakley · ‎03-25-2012

There are 3 things that you'll need to allow sftp inbound: access-list, static mapping, and apply the access list.

Let's assume your outside interface is named Outside and you want to allow people to sftp into 5.5.5.5 that's forwarded to 192.168.1.50. You'd need the following:

static (inside,outside) 5.5.5.5 192.168.1.50 netmask 255.255.255.255

access-list FromOutside permit tcp any host 5.5.5.5 eq 22

access-group FromOutside in interface Outside

John

Please rate useful posts...

HTH, John *** Please rate all useful posts ***

View solution in original post

kneaadmin · ‎03-25-2012

I thought it might be ip nat inside outside statement

then it looks like a access-list Im new to the cisco router and could really use some help.

Doesn't seem like it would be that hard if I had some direction

Thanks

John Blakley · ‎03-25-2012

There are 3 things that you'll need to allow sftp inbound: access-list, static mapping, and apply the access list.

Let's assume your outside interface is named Outside and you want to allow people to sftp into 5.5.5.5 that's forwarded to 192.168.1.50. You'd need the following:

static (inside,outside) 5.5.5.5 192.168.1.50 netmask 255.255.255.255

access-list FromOutside permit tcp any host 5.5.5.5 eq 22

access-group FromOutside in interface Outside

John

Please rate useful posts...

HTH, John *** Please rate all useful posts ***

kneaadmin · ‎03-25-2012

Thanks that help a lot. I just have one question if I want to open the ports on the 5520 just replace the 5.5.5.5 with one of my public ip's right?

Thanks

John Blakley · ‎03-25-2012

Yes, just replace that with your assigned public address in the static line and the acl.

John

Please rate all useful posts...

HTH, John *** Please rate all useful posts ***