02-02-2017 09:44 AM - edited 03-12-2019 01:52 AM
Hello, (ASA5505, running 9.2.1)
I have a requirement from one of my software vendors that has an external portion to their service to limit incoming traffic on the port they need to a specific public IP address (for security, only allowing the incoming connection from the public IP address they have provided).
I haven't been able to specify the external public IP address in my access-list entry. Obviously I don't know what I'm doing in this instance!
Let's say that the external public IP address I have been given from my service/software provider is:
111.111.111.111
I have already created objects to reference my network objects and static NAT.
object network server_in (my internal network IP)
host 10.10.10.10
object network server_out (my external public IP issued by ISP)
host 222.222.222.222
and
object network server_in
nat (inside,outside) static server_out
I've created the static NAT, that is all working. I just can't seem to specify the external public IP that the service/software provider has given me. I have had to use an 'any' specification to get the service working but I would like to limit this connection to the IP address my service provider specified.
I have tried using these in my config file but they don't work as the ASA just ignores them when the config is loaded.
access-list out_in extended permit ip 111.111.111.111 object server_in eq 12345
and
access-list out_in extended permit ip host 111.111.111.111 object server_in eq 12345
and
access-list out_in extended permit ip host 111.111.111.111 255.255.255.255 object server_in eq 12345
None of these seem to work to limit all traffic into "server_in" on port 12345 to only connections from the public IP 111.111.111.111.
Right now I am using the any argument, but as I said I really want to restrict this to the IP the provider has specified.
access-list out_in extended permit tcp any object server_in eq 12345
Could someone help me with the correct syntax to achieve the result I'm looking for please?
Thank you!
02-02-2017 10:15 AM
Create an object called vendor and use host as 111.111.111.111. Then in your ACL reference vendor object as source.
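The approach from the accepted answer written out as a complete ASA 9.x configuration (an added example, not the poster's or the vendor's config): the vendor host becomes a network object used as the ACL source, the destination stays the real inside address (ASA 8.3+ ACLs match pre-NAT addresses), and the protocol is tcp because a port qualifier like "eq 12345" is only valid with tcp/udp, not ip. The object names, the interface name "outside", and the trailing deny-with-log line are assumptions; the addresses and port are the ones from the thread.

```cisco
! Constructed example; addresses and port come from the thread above
object network server_in
 host 10.10.10.10
object network server_out
 host 222.222.222.222
object network vendor
 host 111.111.111.111
!
! Static NAT exactly as the poster already has it
object network server_in
 nat (inside,outside) static server_out
!
! Source = vendor object, destination = real inside host, destination port 12345
access-list out_in extended permit tcp object vendor object server_in eq 12345
! Optional: explicit deny with logging so other sources hitting the port show up in syslog
access-list out_in extended deny tcp any object server_in eq 12345 log
access-group out_in in interface outside
!
! Verification from enable mode (assumed test source port 40000):
! show access-list out_in
! packet-tracer input outside tcp 111.111.111.111 40000 222.222.222.222 12345
! packet-tracer input outside tcp 100.64.0.1 40000 222.222.222.222 12345
```

The first packet-tracer should end with "action: allow", the second (an arbitrary non-vendor source) with "action: drop", and the hit counts in show access-list confirm which line matched.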
02-02-2017 10:28 AM
Heh, thank you.
I was sitting here trying to think what I was doing wrong and realized I should try creating an object for the external vendor IP. I just did that and had loaded the new config when I got the notice of your reply. The ASA took the config without complaining, so I'm waiting for my vendor to respond to make sure they're still able to access my network.
Thank you Mohammed!
And PS, I just received an email from the vendor and all is working. Thank you!