ASA 8.4 access list dynamic interface

dave love · ‎03-12-2013

This is a working example using static. But it doesn't work with the dynamic interface or I'm doing something wrong. Need to get rdp access to my laptop.

-----------------------------------------------------------------------------------------------------

ASA Version 8.4(5)6

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

object network obj_any

subnet 10.0.0.0 255.255.255.0

object network terminal-outside

host 68.216.158.109

object network terminal-inside

host 10.0.0.200

access-list incoming extended permit tcp any object terminal-inside eq 3389

!

object network obj_any

nat (inside,outside) dynamic interface

object network terminal-inside

nat (inside,outside) static interface service tcp 3389 3389

access-group incoming in interface outside

------------------------------------------------------------------------------------------------------------------------------------------------

Jouni Forss · ‎03-12-2013

Hi,

You use Dynamic NAT / PAT for users traffic to Internet

Static NAT / PAT is used to enable hosting services from your LAN to the Internet

object network terminal-inside

host 10.0.0.200

nat (inside,outside) static interface service tcp 3389 3389

access-list incoming extended permit tcp any object terminal-inside eq 3389

access-group incoming in interface outside

The above configurations you have should enable you to access the LAN host from Internet using the "outside" interface public IP address.

- Jouni