https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911153#M420750 <P>I have recently inherited a network with an ASA 5505 at a remote office. Users there have a server that needs to be accessible from the outside. I would like to put this server in a DMZ and use port forwarding (I have the security plus license already installed). I can only find the ASDM instructions for this - there has to be CLI commands for this. Can someone please respond with either the instuctions or the link where I can find them?</P> Fri, 21 Feb 2020 09:47:13 GMT kwhitley1 2020-02-21T09:47:13Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911153#M420750 <P>I have recently inherited a network with an ASA 5505 at a remote office. Users there have a server that needs to be accessible from the outside. I would like to put this server in a DMZ and use port forwarding (I have the security plus license already installed). I can only find the ASDM instructions for this - there has to be CLI commands for this. Can someone please respond with either the instuctions or the link where I can find them?</P> Fri, 21 Feb 2020 09:47:13 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911153#M420750 kwhitley1 2020-02-21T09:47:13Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911154#M420752 <HTML><HEAD></HEAD><BODY><P>Will you be using the ASA outside interface IP? if so this thread should get you up and running for port forwarding , replace your static entry to reflect DMZ interface , static(DMZ,outside) etc.. , come back if any questions.</P><P></P><P> </P><P></P><P><A class="jive-link-custom" href="http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddfc9dc" target="_blank">http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Firewalling&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddfc9dc</A></P><P></P><P></P></BODY></HTML> Mon, 12 Nov 2007 17:03:53 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911154#M420752 JORGE RODRIGUEZ 2007-11-12T17:03:53Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911155#M420753 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Here is an example of the configuration guide for PIX and ASA version 7.2, check it out and use for further reference.</P></BODY></HTML> Mon, 12 Nov 2007 17:32:09 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911155#M420753 msosabar 2007-11-12T17:32:09Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911156#M420754 <HTML><HEAD></HEAD><BODY><P>Ups!!! sorry, here is the link:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043281" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043281</A></P></BODY></HTML> Mon, 12 Nov 2007 17:33:08 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911156#M420754 msosabar 2007-11-12T17:33:08Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911157#M420755 <HTML><HEAD></HEAD><BODY><P>First of all - thank you - both for your response. </P><P></P><P>Yes - the ASA outside interface IP will be used for the server as well. </P><P></P><P>Here is what I have created so far</P><P></P><P>An Object-group: </P><P></P><P>Object-group service SERVER tcp </P><P>description TCP Passthrough Ports </P><P>Port-object range XXXX-XXXX </P><P>Port-object range xxxx-xxxx </P><P>Port-object range eq xxxxx </P><P></P><P></P><P>An access list outside_access_in: </P><P></P><P>access-list outside_access_in extended permit tcp any host (outside IP) object-group SERVER </P><P></P><P></P><P>And applied this access list to the outside interface: </P><P></P><P>access-group outside_access_in in interface outside </P><P></P><P></P><P>Is this correct? </P><P></P><P>Would the static look like this?</P><P></P><P>static (DMZ,outside) (outside IP) (DMZ server IP) netmask 255.255.255.255</P><P></P><P>Do I need a global (outside) statement?</P><P></P><P></P><P></P><P></P></BODY></HTML> Tue, 13 Nov 2007 02:59:33 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911157#M420755 kwhitley1 2007-11-13T02:59:33Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911158#M420756 <HTML><HEAD></HEAD><BODY><P></P><P>your static should look as :</P><P></P><P>static (DMZ,outside) interface <WEB.SERVER.IP> netmask 255.255.255.255 </WEB.SERVER.IP></P><P></P><P>for global leave as is if Im not mistaken it should already have statement as " global (outside) 1 interface "</P><P></P><P></P><P></P></BODY></HTML> Tue, 13 Nov 2007 13:24:28 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911158#M420756 JORGE RODRIGUEZ 2007-11-13T13:24:28Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911159#M420757 <HTML><HEAD></HEAD><BODY><P>This worked! Thank you much!</P></BODY></HTML> Wed, 14 Nov 2007 23:23:13 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911159#M420757 kwhitley1 2007-11-14T23:23:13Z https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911160#M420758 <HTML><HEAD></HEAD><BODY><P>Thank you - I have been looking for this without luck.</P></BODY></HTML> Wed, 14 Nov 2007 23:23:58 GMT https://community.cisco.com/t5/network-security/asa-5505-dmz-config-question-cli/m-p/911160#M420758 kwhitley1 2007-11-14T23:23:58Z