ASA 5520 through Home Modem

Steve Copelin
Level 1

First post, hopefully have it in the right place.

I grabbed an old 5520 to run in my "play" lab at home and I have hit a little snag that I'm scratching my head with.

I'm in Australia and have one of those Telstra NBN modems. My 5520 is connected to that via the outside IP of 192.168.0.1, my inside is 10.0.0.1 and all is working well; I can access everything from inside out.

Now my head scratcher: I have an internal web server/DC and VMs that originally I had port forwards on from the NBN modem to let everything through, but now that the 5520 is in between it makes for some searching.

So the Q is, if the port forwards from the external IP of the NBN modem to an internal IP (say 10.0.0.100 web server) which was the working range of the NBN modem, I have since reconfigured the NBN to work on the 192.168.0.0 range of things.

So I'm not sure what to search for, the correct terminology?

 

domain.com to my NBN external IP to my port forward to my 5520 outside interface to my inside interface to my web server

 

Steve

 

Accepted Solutions

Hi,

If you are doing PAT on the ASA, then things get a little complicated. You will need to configure static NAT on the ASA for the web server. We would need more info on your current config to give the exact configuration you would need, but my rough guess is you need the following:

  • choose an IP address on the outside interface/network of the ASA for the web server, e.g. 192.168.0.2/24, assuming your outside interface is 192.168.0.1/24
  • configure static NAT for the web server

        object network webserver
          host 10.0.0.100
          nat (inside,outside) static 192.168.0.2

  • configure your NBN modem to port forward the web traffic/ports to 192.168.0.2
  • configure an extended access-list on the outside interface to allow web traffic to the web server

You can have a look at the following ASA doc:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/firewall/asa-97-firewall-config/nat-reference.html

 

Thanks

John

**Please rate posts you find helpful**
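
The steps in the answer above, written out as a fuller ASA configuration. This is an added example, not part of the original post; the ACL name OUTSIDE_IN, the choice of TCP 80/443 as the "web traffic", and the test source address 203.0.113.10 are assumptions.

```cisco
! Added example. Interface names inside/outside and the addresses come from the
! thread; OUTSIDE_IN and the port choices are assumptions.
!
! 1. Static NAT: 10.0.0.100 is reachable as 192.168.0.2 on the outside network.
object network webserver
 host 10.0.0.100
 nat (inside,outside) static 192.168.0.2
!
! 2. Outside ACL. With object NAT (ASA 8.3 and later) the ACL is written
!    against the real address of the server, not the mapped 192.168.0.2.
!    Permit only the ports the NBN modem forwards; everything else to the
!    server stays denied by the implicit deny at the end of the ACL.
access-list OUTSIDE_IN extended permit tcp any object webserver eq www
access-list OUTSIDE_IN extended permit tcp any object webserver eq https
!
! 3. Bind the ACL inbound on the outside interface. Only one inbound ACL
!    can be bound per interface, so if one is already applied there, add
!    the two permit lines to that ACL instead of issuing this command.
access-group OUTSIDE_IN in interface outside
!
! 4. Checks from privileged EXEC (203.0.113.10 is a constructed
!    documentation address standing in for an Internet client):
!      show nat detail
!      show xlate
!      show access-list OUTSIDE_IN
!      packet-tracer input outside tcp 203.0.113.10 12345 192.168.0.2 80
```

In the packet-tracer output, look for an UN-NAT phase translating 192.168.0.2 to 10.0.0.100 and a final result of allow; a drop in the ACCESS-LIST phase points at the outside ACL rather than the NAT rule.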

4 Replies

johnd2310
Level 8

Hi,

Are you doing NAT on the ASA firewall? If you are not doing NAT on the ASA and the web server is still using the same address, you need an extended access-list on the ASA outside interface to allow web traffic to the web server.

Have a read on access-lists on the ASA.

 

Thanks

John

**Please rate posts you find helpful**

Steve Copelin
Level 1

Thanks John

PAT on this old one.

I have that in place (extended access-list entry). I think what is pulling me up is what to port forward to on the NBN modem. I have a suspicion that the modem doesn't have that capability.

Steve

Steve Copelin
Level 1

Thanks John

I was in the ASDM, just popped it in the NAT Rules.

Thanks again
