Cisco Support Community

New Member

ASA 5520 question

I need some help opening up some ports for an sftp client at work.

software version 8.0 (3)

device manager version 6.1 (1)

Thanks for any help.

1 ACCEPTED SOLUTION

Accepted Solutions

ASA 5520 question

There are 3 things that you'll need to allow sftp inbound: access-list, static mapping, and apply the access list.

Let's assume your outside interface is named Outside and you want to allow people to sftp into 5.5.5.5 that's forwarded to 192.168.1.50. You'd need the following:

static (inside,outside) 5.5.5.5 192.168.1.50 netmask 255.255.255.255

access-list FromOutside permit tcp any host 5.5.5.5 eq 22

access-group FromOutside in interface Outside

John

Please rate useful posts...

HTH, John *** Please rate all useful posts ***
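
A tighter variant of the three steps in the answer above, added here as an example and not part of John's post: it forwards only TCP/22, limits the permitted source, then checks the result on the ASA. The addresses 203.0.113.10 (a known SFTP client) and 198.51.100.7 (an unlisted source) are constructed placeholders.

```cisco
! Added example, pre-8.3 NAT syntax to match the 8.0(3) release in the question.
! 203.0.113.10 and 198.51.100.7 are constructed placeholder addresses.

! Variant of the static line: translate only TCP/22 (static PAT)
! instead of mapping every port of 192.168.1.50 to 5.5.5.5.
static (inside,outside) tcp 5.5.5.5 22 192.168.1.50 22 netmask 255.255.255.255

! Variant of the ACL: permit the known client rather than "any".
access-list FromOutside extended permit tcp host 203.0.113.10 host 5.5.5.5 eq 22
access-group FromOutside in interface Outside

! Checks after applying the configuration:
! simulate an inbound SFTP connection and list each phase (NAT, ACL) it passes
packet-tracer input Outside tcp 203.0.113.10 50000 5.5.5.5 22 detailed
! an unlisted source should be dropped by the access list
packet-tracer input Outside tcp 198.51.100.7 50000 5.5.5.5 22
! hit counters on the ACL entry, and the configured translation
show access-list FromOutside
show xlate
```

If the hit counter on the permit entry climbs from addresses you do not recognise after switching back to `any`, that is the exposure the source restriction removes.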
4 REPLIES
New Member

ASA 5520 question

I thought it might be an ip nat inside outside statement

then it looks like an access-list. I'm new to the Cisco router and could really use some help.

Doesn't seem like it would be that hard if I had some direction

Thanks

New Member

ASA 5520 question

Thanks, that helps a lot. I just have one question: if I want to open the ports on the 5520, I just replace the 5.5.5.5 with one of my public IPs, right?

Thanks

ASA 5520 question

Yes, just replace that with your assigned public address in the static line and the acl.

John

Please rate all useful posts...

HTH, John *** Please rate all useful posts ***