topic Re: ASA access list problem in Network Security

ASA access list problem

simon-chamberlain — Fri, 21 Feb 2020 14:28:24 GMT

Hello, I have the following config on an ASA 5520 Version 9.1(7)4

object network outside-in-192-168-3-106
host 192.168.3.106

object network outside-in-192-168-3-106
nat (inside2,outside) static a.b.c.d service tcp 3389 59106

access-list outside_in extended permit tcp any eq 59106 host 192.168.3.106 eq 3389

I want an external user to be able to RDP to a.b.c.d port 59106 and this traffic to arrive at 192.168.3.106 port 3389

I can only get it to work if I add the access list:

access-list outside_in extended permit ip any host 192.168.3.106

What am I doing wrong?

Many thanks, Simon

Kias — Thu, 12 Oct 2017 15:05:45 GMT

Hi,

You need to allow access for the NATTed object, it would work. Hence the mapped port is not required.

access-list outside_in extended permit tcp any object outside-in-192-168-3-106 eq 3389

Regards,

Kias

simon-chamberlain — Thu, 12 Oct 2017 17:09:51 GMT

Thanks Kias. It works!