07-16-2012 07:24 AM - edited 03-11-2019 04:31 PM
Hello, I've got an ASA 5510
using ASDM 6.4,
and I'm trying to configure SSH port forwarding.
Basically, I've got an old firewall server that I'm replacing right now with the ASA 5510,
but as of now, I still need to access the old firewall via SSH from outside through the ASA.
So let's assume my old firewall IP address is 10.0.1.1.
I apologize if I haven't explained myself well enough.
Please don't ask me if I've tried this or that, because I've absolutely no idea where to even begin; I've tried for 2 days to make it work...
So explain it to me like you would explain something to a retarded person
07-16-2012 08:56 AM
If you have absolutely no idea what you are doing, I think you best either hire an expert, or start with buying CCNP Security books (FIREWALL would contain the most useful information).
If you are familiar with the ASA and its configuration, it again depends on the version of software you are running. The configuration of NAT changed dramatically in version 8.3. If you can give the version of the ASA software (not the ASDM), we can further assist in setting up port forwarding (NAT translation).
07-16-2012 12:12 PM
Well, I've said it because I wanted the explanation to be detailed and not just "do nat".
I have a nice understanding of Cisco syntax, network topology, etc.
I've defined the static route and other configuration already.
As for your question,
the software version is 8.4(4).
Sorry if I've made things complicated.
And thanks again.
07-17-2012 11:10 AM
Hi Bro
If you need to configure SSH Forwarding, then the command below should work.
STATIC NAT in Cisco FW (version 8.2.X and below)
==================
static (inside,outside) tcp 202.188.1.5 22 192.168.1.5 22 netmask 255.255.255.255
The above example means that, from the Internet cloud, if someone were to SSH to the Public IP Address 202.188.1.5, it will be directed to the equipment in the Private LAN 192.168.1.5.
P/S: If you think this comment was helpful, please do rate them nicely :-)
07-17-2012 11:23 PM
Hi Ramraj
This isn't really helpful since I've got version 8.4.
Anyhow, I've managed to do the port forwarding, and it worked.
But now I've got another port forwarding to do.
I've got another machine on my network that I want to SSH into,
besides the one that I've already configured.
Basically what I want is that when a machine from the outside addresses the Public IP using port 5000 (or w.e),
it is redirected to the LAN machine, which let's say has the IP address 10.X.X.X, port 22.
Any suggestions?
07-18-2012 12:22 AM
Hi,
Basically the format for that portforward would be this.
I'm just using random values for interface names and IP addresses
LAN interface: inside
WAN interface: outside
LAN device IP: 10.10.10.10
object network SSH-PORTFORWARD
 description TCP5000 to TCP22
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 22 5000
Basically the above should forward TCP/5000 traffic arriving to the IP address of the "outside" interface on the ASA to the port TCP/22 on the host on the LAN with the IP address of 10.10.10.10. (Hopefully I didn't mess up the order of the port numbers in the above configuration.)
- Jouni
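As an added example (not part of the posts in this thread): on ASA 8.3 and later the port forward also needs an inbound permit on the outside interface, and that rule matches the real (post-NAT) address and port of the LAN host, not TCP/5000 on the outside address. The ACL name OUTSIDE-IN, the source range 198.51.100.0/24 and the outside address 203.0.113.1 are assumed placeholder values.

```cisco
! Object NAT from the post above, repeated so the example is complete
object network SSH-PORTFORWARD
 description TCP5000 to TCP22
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 22 5000
!
! On 8.3+ the interface ACL is checked against the real IP and port,
! so permit 10.10.10.10 port 22 (via the object), not outside-IP port 5000.
! Limit the source to the networks that need SSH rather than "any".
! OUTSIDE-IN and 198.51.100.0/24 are assumed values.
access-list OUTSIDE-IN extended permit tcp 198.51.100.0 255.255.255.0 object SSH-PORTFORWARD eq 22
!
! Only one ACL can be bound per interface and direction. If
! "show run access-group" already lists an ACL on outside, add the
! permit line to that ACL instead of binding a new one.
access-group OUTSIDE-IN in interface outside
!
! Verify: simulate a connection from an allowed source to the outside
! address on port 5000 (203.0.113.1 stands in for the outside interface IP)
packet-tracer input outside tcp 198.51.100.10 40000 203.0.113.1 5000
show nat detail
show xlate
```

In the packet-tracer output, the UN-NAT phase should show the destination rewritten to 10.10.10.10/22 and the ACCESS-LIST phase should report ALLOW for the permitted source.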