Re: Cisco 5506 SFR module not accessing from outside interface

Amit Gumber · ‎08-09-2018

Hi

I am deploying one Cisco 5506 firewall with below configuration

WAN IP :- Static Public IP ( 162.43.47.219)

LAN IP :- 192.168.0.4/24

Management Interface 1/1 - Security Level 0 / No ip address /enable to connected to same switch where LAN side (192.168.0.4) is connected.

LAN side switch is presently L2 switch with default settings.

I have used SFR ip as 192.168.0.254/24 and this IP is reachable from LAN side and I am able to access Firepower GUI using ASDM within LAN successfully.

When I tried to acces firewall outside IP ( https://WAN-IP of firewall) from public internet it landed to ASDM and it also pop up new window to provide me SFR IP and port to access and when I try with 192.168.0.254 and port 443 (default) , I am not able to acces SFR from outside.

Help me to access SFR from outside public internet similar as I am using from inside LAN.

Thanks

Amit

aaron.hackney · ‎08-09-2018

Hello,

When you connect via ASDM, ASDM will spin up an additional TCP connection to the outside interface that is independant of the main ASDM connection. As a result, you will not be able to use the RFC 1918 address as the IP of the SFR. You will need an additional NAT that covers the 192.168.0.254 address and when prompted for the SFR address in ASDM, you will need to enter the public IP NAT-ed to your 192.168.0.254 address.

Hope that helps.

-A

Amit Gumber · ‎08-09-2018

Hi

Please provide me CLI commads to achieve this.

Thanks

Amit