Cisco ASA 5505 7.2(4) - Open ports to internal server for external access

DIGITSupport
Level 1

Hi all,

I was wondering if I could get some help. I have inherited a Cisco 5505 ASA 7.2(4) with ASDM 5.24. I am struggling to get the internal web server configured for external access over the web, FTP or Remote Desktop.

I've come across a few guides over the last few days and followed them all but nothing seems to be working for this configuration. I am happy and comfortable using either the command line or ASDM but really would appreciate any input.

Here is my current config:

: Saved
:
ASA Version 7.2(4)
!
hostname firewall
domain-name default.domain.invalid
enable password ****************** encrypted
passwd ****************** encrypted
names
name 10.26.3.44 webserver
!
interface Vlan1
nameif outside
security-level 0
pppoe client vpdn group ZEN-ADSL
ip address pppoe
!
interface Vlan2
nameif inside
security-level 100
ip address 10.26.3.254 255.255.255.0
!
interface Vlan3
no forward interface Vlan1
nameif colt-outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
switchport access vlan 3
speed 100
duplex full
!
interface Ethernet0/3
switchport access vlan 2
!
interface Ethernet0/4
switchport access vlan 2
!
interface Ethernet0/5
switchport access vlan 2
!
interface Ethernet0/6
switchport access vlan 2
!
interface Ethernet0/7
switchport access vlan 2
!
ftp mode passive
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network Net_192.168.0.0
network-object 192.168.0.0 255.255.255.0
object-group network Net_192.168.1.0
network-object 192.168.1.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service webserver tcp-udp
description All connected to webserver
port-object eq 3389
port-object eq 8080
port-object eq domain
port-object eq www
access-list acl_outside extended permit ip any any
access-list acl_colt-outside extended permit ip any any
access-list colt-outside_access_in extended permit object-group TCPUDP host webserver object-group web server xxx.xxx.xxx.xxx 255.255.255.252 object-group webserver
no pager
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu colt-outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (colt-outside) 1 interface
nat (inside) 1 10.26.3.0 255.255.255.0
nat (inside) 1 192.168.0.0 255.255.255.0
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,colt-outside) interface webserver netmask 255.255.255.255
access-group colt-outside_access_in in interface colt-outside
route colt-outside 0.0.0.0 0.0.0.0 80.169.119.237 1 track 2
route outside 0.0.0.0 0.0.0.0 62.3.84.17 5
route inside 192.168.0.0 255.255.255.0 10.26.3.253 1
route inside 192.168.1.0 255.255.255.0 10.26.3.253 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 10.26.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 2
type echo protocol ipIcmpEcho 158.43.128.72 interface colt-outside
num-packets 3
frequency 10
sla monitor schedule 2 life forever start-time now
!
track 2 rtr 2 reachability
telnet timeout 5
ssh 193.128.86.0 255.255.255.192 outside
ssh 217.169.54.74 255.255.255.255 outside
ssh 62.7.82.195 255.255.255.255 outside
ssh 83.217.96.248 255.255.255.248 outside
ssh 10.26.3.0 255.255.255.0 inside
ssh 193.128.86.0 255.255.255.192 colt-outside
ssh 217.169.54.74 255.255.255.255 colt-outside
ssh 62.7.82.195 255.255.255.255 colt-outside
ssh 83.217.96.248 255.255.255.248 colt-outside
ssh timeout 60
console timeout 0
vpdn group ZEN-ADSL request dialout pppoe
vpdn group ZEN-ADSL localname zen265753@zen
vpdn group ZEN-ADSL ppp authentication chap
vpdn username zen265753@zen password *********
dhcpd dns 212.121.128.10 212.121.128.11
dhcpd ping_timeout 750
dhcpd domain digitalinnovationgroup.com
dhcpd option 3 ip 10.26.3.253
!
dhcpd address 10.26.3.1-10.26.3.253 inside
dhcpd enable inside
!

username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:cbc989fe37c72b696ec471f671917aa8
: end

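As an added worked example (not part of the original post and not the poster's own configuration), the script below audits a pre-8.3 ASA configuration for the three things that decide whether an inside host is actually reachable from a security-level-0 interface: a static NAT that terminates on that interface, an access-group bound to that interface, and ACL entries that match the translated address rather than the real inside address (on ASA versions before 8.3, inbound interface ACLs are evaluated against the translated, i.e. public, address, whereas 8.3 and later use the real address). The embedded config excerpt is constructed and modelled on the posted config; the finding codes, function names and the simplified parser are assumptions of this example, not ASA features.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the posted configuration (not the poster's
# full config). The ACL entry deliberately points at the real inside address
# so that the audit has something to flag.
SAMPLE_CONFIG = """\
name 10.26.3.44 webserver
interface Vlan1
 nameif outside
 security-level 0
interface Vlan2
 nameif inside
 security-level 100
interface Vlan3
 nameif colt-outside
 security-level 0
access-list acl_outside extended permit ip any any
access-list colt-outside_access_in extended permit tcp any host webserver eq www
static (inside,colt-outside) interface webserver netmask 255.255.255.255
access-group colt-outside_access_in in interface colt-outside
"""

# static (real_ifc,mapped_ifc) mapped_addr real_addr netmask ...
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask")
ACCESS_GROUP_RE = re.compile(r"^access-group (\S+) (?:in|out) interface (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (.*)$")


def parse_config(text):
    """Extract only what decides inbound exposure: name aliases, interface
    security levels, static NAT entries, ACL entries and ACL bindings."""
    names, ifaces, statics = {}, {}, []
    acls, bindings = defaultdict(list), {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("name "):
            _, ip, alias = line.split()[:3]
            names[alias] = ip
        elif line.startswith("interface "):
            current = {}
        elif line.startswith("nameif ") and current is not None:
            current["nameif"] = line.split()[1]
            ifaces[current["nameif"]] = current
        elif line.startswith("security-level ") and current is not None:
            current["level"] = int(line.split()[1])
        elif m := STATIC_RE.match(line):
            statics.append({"real_ifc": m[1], "mapped_ifc": m[2],
                            "mapped": m[3], "real": m[4]})
        elif m := ACCESS_GROUP_RE.match(line):
            bindings[m[2]] = m[1]  # interface name -> bound ACL name
        elif m := ACL_RE.match(line):
            acls[m[1]].append(m[2])
    return {"names": names, "ifaces": ifaces, "statics": statics,
            "acls": dict(acls), "bindings": bindings}


def audit(cfg):
    """Return (subject, code, detail) tuples. Codes are this example's own."""
    findings = []
    names, statics, bindings = cfg["names"], cfg["statics"], cfg["bindings"]
    for ifc, props in sorted(cfg["ifaces"].items()):
        if props.get("level", 100) != 0:
            continue
        if not any(s["mapped_ifc"] == ifc for s in statics):
            findings.append((ifc, "no-static",
                             "security-level 0 but no static NAT terminates here; "
                             "no inside host is reachable through this interface"))
        elif ifc not in bindings:
            findings.append((ifc, "no-access-group",
                             "static NAT present but no ACL bound to the interface; "
                             "inbound traffic from security-level 0 stays denied"))
    for ifc, acl in bindings.items():
        for s in statics:
            if s["mapped_ifc"] != ifc:
                continue
            # The real address may be written as the alias or the dotted IP.
            real_forms = {s["real"], names.get(s["real"], s["real"])}
            for entry in cfg["acls"].get(acl, []):
                if any(re.search(rf"\bhost {re.escape(r)}\b", entry)
                       for r in real_forms):
                    findings.append((acl, "acl-uses-real-address",
                                     f"entry '{entry}' matches the real address "
                                     f"{s['real']}; before ASA 8.3 an inbound ACL "
                                     f"must match the translated address "
                                     f"(mapped '{s['mapped']}' on {ifc})"))
    for acl in cfg["acls"]:
        if acl not in bindings.values():
            findings.append((acl, "acl-unbound",
                             "defined but bound to no interface, so it has no effect"))
    return findings


if __name__ == "__main__":
    for subject, code, detail in audit(parse_config(SAMPLE_CONFIG)):
        print(f"[{code}] {subject}: {detail}")
```

Run against the constructed excerpt, the audit reports that the PPPoE `outside` interface has no static NAT at all, that the ACL bound to `colt-outside` matches the inside address instead of the translated one, and that `acl_outside` is defined but never applied. Replacing `host webserver` with `interface colt-outside` in the ACL entry clears the middle finding, which is the pre-8.3 form the static with the `interface` keyword expects; the parser deliberately ignores object-groups and other statement types, so treat it as a first-pass check rather than a full ASA policy model.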