PPPoE ASA 5505 port forwarding ver 8.2

Lewis Goulden
Level 1

Hello,

I have moved from a crappy router to a Cisco 5505 running software ver 8.2.

I have done the initial config and am happily surfing the net.

However, I'm having trouble setting up port forwarding.

Can someone please tell me how I should set this up?

I want to connect to an access server on my LAN via telnet.

access server ip = 192.168.1.252

telnet port default

All help is greatly appreciated !

Thanks in advance.

My config:

sec01(config)# show run

: Saved

:

ASA Version 8.2(1)

!

hostname sec01

enable password xxxxxxx encrypted

passwd xxxxxxx encrypted

names

!

interface Vlan1

shutdown

no nameif

no security-level

no ip address

!

interface Vlan10

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

!

interface Vlan99

nameif outside

security-level 0

pppoe client vpdn group grp1

ip address pppoe

!            

interface Ethernet0/0

description ** ppoe link **

switchport access vlan 99

!

interface Ethernet0/1

switchport access vlan 10

!

interface Ethernet0/2

switchport access vlan 10

!

interface Ethernet0/3

switchport access vlan 10

!

interface Ethernet0/4

switchport access vlan 10

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

switchport access vlan 10

shutdown

!

ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group home

timeout 5

name-server x.x.x.x

name-server x.x.x.x

name-server x.x.x.x

domain-name home.net

dns-group home

object-group network lg-imac

network-object host 192.168.1.252

pager lines 24

logging buffer-size 90000

logging history informational

mtu inside 1500

mtu outside 1492

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

!

router eigrp 10

no auto-summary

eigrp router-id 10.10.10.254

passive-interface outside

redistribute static

!

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh scopy enable

ssh 192.168.1.240 255.255.255.240 inside

ssh timeout 5

ssh version 2

console timeout 5

vpdn group grp1 request dialout pppoe

vpdn group grp1 localname 789@abc.cde

vpdn group grp1 ppp authentication chap

vpdn username 789@abc.cde password *********

dhcpd ping_timeout 10

dhcpd domain gouldenintra.net

dhcpd option 3 ip 192.168.1.254

dhcpd option 4 ip 212.159.13.50

!

dhcpd address 192.168.1.50-192.168.1.80 inside

dhcpd dns 192.168.1.254 212.159.13.49 interface inside

dhcpd lease 1800 interface inside

dhcpd update dns both interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

username abc@cde password ****** encrypted privilege 15

!            

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

!            

service-policy global_policy global

prompt hostname context

Cryptochecksum:cb76d45572169962de4a9f53e0651924

: end


Luis Silva Benavides
Cisco Employee

Hi Lewis,

Have you tried to do the port forwarding using the keyword "interface" on the static NAT statement?

static (inside,outside) tcp interface 23 192.168.1.252 23

access-list outside_in permit tcp any interface outside eq 23

access-group outside_in in interface outside

Then you will only need to do a "show ip" on the ASA so you can see the current external IP address. Then you can open a telnet session and it should work.

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

I will try this shortly when I get home.

I have acquired version 9.1(4). Will the above commands work on that version? I've been told lots of things change on newer versions of code.

(I'm following the upgrade path 8.2 (currently) --> 8.4 --> 9.1.)

Thank you for your post.

Lewis,

The syntax on 8.3+ is different.

It will look similar to this:

object network obj-192.168.1.252

host 192.168.1.252

nat (inside,outside) static interface service tcp 23 23

access-list outside_in permit tcp any host 192.168.1.252 eq 23

access-group outside_in in interface outside

https://supportforums.cisco.com/docs/DOC-9129

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html
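
Added example, not part of the thread and not Cisco code: a small Python audit that reads either syntax from the replies above, lists each static PAT to the outside interface, and reports whether an ACL opens it to source "any" and whether the forwarded service is cleartext. The function names and the CLEARTEXT set are assumptions made for this sketch; the sample configs are constructed from the lines quoted in the replies.

```python
import re

# Constructed input: the forwarding lines from the two replies above.
ASA_82 = """\
static (inside,outside) tcp interface 23 192.168.1.252 23
access-list outside_in permit tcp any interface outside eq 23
access-group outside_in in interface outside
"""
ASA_83 = """\
object network obj-192.168.1.252
 host 192.168.1.252
 nat (inside,outside) static interface service tcp 23 23
access-list outside_in permit tcp any host 192.168.1.252 eq 23
access-group outside_in in interface outside
"""
CLEARTEXT = {"23", "telnet", "21", "ftp", "80", "www"}  # illustrative, not exhaustive
PAT_82 = re.compile(r"static \(\w+,(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+)")
PAT_83 = re.compile(r"nat \(\w+,\w+\) static interface service (tcp|udp) (\S+) (\S+)")
ACL = re.compile(r"access-list \S+ (?:extended )?permit (tcp|udp) (\S+) (.+) eq (\S+)$")

def port_forwards(config):
    """Yield (proto, mapped_port, real_ip, real_port, acl_dest, acl_port) per static PAT."""
    host = None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("object network "):
            host = None
        elif line.startswith("host "):
            host = line.split()[1]
        elif m := PAT_82.match(line):
            # 8.2 order: mapped port, real IP, real port; the ACL matches the mapped side
            ifc, proto, mapped, ip, real = m.groups()
            yield proto, mapped, ip, real, f"interface {ifc}", mapped
        elif (m := PAT_83.match(line)) and host:
            # 8.3+ order: real port, mapped port; the ACL matches the real IP and port
            proto, real, mapped = m.groups()
            yield proto, mapped, host, real, f"host {host}", real

def audit(config):
    """Report each forward, whether an ACL opens it to 'any', and cleartext use."""
    rules = [m.groups() for l in config.splitlines() if (m := ACL.match(l.strip()))]
    out = []
    for proto, mapped, ip, real, dest, port in port_forwards(config):
        any_src = any(r == (proto, "any", dest, port) for r in rules)
        out.append({"target": f"{ip}:{real}", "outside_port": mapped,
                    "open_to_any": any_src, "cleartext": real in CLEARTEXT})
    return out

if __name__ == "__main__":
    print(audit(ASA_82), audit(ASA_83))
```

Both sample configs produce the same finding: 192.168.1.252:23 is reachable from any source over cleartext telnet. An 8.2-style ACL (destination "interface outside") left in place after the move to 8.3+ no longer matches the forward, which the audit reports as open_to_any False.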
