Copying Nat/ACL within ASDM to duplicate open ports not working.

DreamTheater
Level 1

So, as the title states, I am simply trying to open ports to the firewall for the purposes of VPN connectivity, and copying the NAT/ACL rules seems to have no effect. I have changed the particulars for the ports, but the newly copied rules and statements yield CLOSED ports. I am at my wits' end here and need assistance please! Code is below.

Open ports are 443/3389, all others are closed.

ASA 8.2(5)59

ASDM 7.6(2)150

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service ipsec tcp
port-object eq 1701
access-list Outside_access_in extended permit ip any any
access-list Inside_access_in extended permit ip any any
access-list Outside_access_in_1 extended permit ip any any
access-list OUTSIDE-IN extended permit tcp any any eq 3389
access-list OUTSIDE-IN extended permit ip any any
access-list OUTSIDE-IN extended permit tcp any any eq 1701
access-list acl_out extended permit tcp any host 108.190.57.161 eq https
access-list outside_in extended permit tcp any host 108.190.57.161 eq 1701
access-list outside_in extended permit tcp any host 108.190.57.161 eq https
access-list outside_in extended permit tcp any host 108.190.57.161 eq sip
access-list outside_in extended permit tcp any host 108.190.57.161 eq 3389
access-list outside_in extended permit ip any any

global (Outside) 101 interface
nat (Inside) 101 0.0.0.0 0.0.0.0
nat (VLan) 101 192.168.1.0 255.255.255.0
nat (VLan) 102 0.0.0.0 0.0.0.0
static (Inside,Outside) tcp interface 1701 10.10.1.250 1701 netmask 255.255.255.255
static (Inside,Outside) tcp interface sip 10.10.1.250 sip netmask 255.255.255.255
static (Inside,Outside) tcp interface 3389 10.10.1.250 3389 netmask 255.255.255.255
static (Inside,Outside) tcp interface https 10.10.1.250 https netmask 255.255.255.255
access-group outside_in in interface Outside
access-group Inside_access_in in interface Inside

1 Reply

Muhammad Awais Khan
Cisco Employee

Hi,

Can you share your interface configuration? I believe something is wrong with the NAT rules and ACLs.

For Example:

static (Inside,Outside) tcp interface https 10.10.1.250 https netmask 255.255.255.255

10.10.1.250 seems to be your internal address, and it seems that the address "108.190.57.161" is your outside interface?

If yes, then modify the NAT rule and ACL as below:

static (Inside,Outside) tcp host 10.10.1.250 https interface https

The same thing needs to be done for the other rules also.

For ACL:

access-list outside_in extended permit tcp any host 10.10.1.250 eq 443
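As an added example (not code from the thread), a small Python audit that parses the pre-8.3 `static`, `access-list` and `access-group` lines and reports ACLs that are defined but never bound to an interface, bound ACLs that carry a blanket `permit ip any any`, and statics whose mapped address and port no ACE in the bound ACL permits. It assumes, as the reply asks, that 108.190.57.161 is the Outside interface address; the sample config is a constructed, trimmed copy of the poster's and deliberately leaves out the outside_in 1701 entry.

```python
import re
from collections import defaultdict

# Constructed sample trimmed from the poster's ASA 8.2 config (outside_in 1701 ACE omitted).
# Assumption (the question the reply asks): 108.190.57.161 is the Outside interface IP.
OUTSIDE_IP = "108.190.57.161"
CONFIG = """\
access-list Outside_access_in extended permit ip any any
access-list OUTSIDE-IN extended permit tcp any any eq 3389
access-list outside_in extended permit tcp any host 108.190.57.161 eq https
access-list outside_in extended permit tcp any host 108.190.57.161 eq 3389
access-list outside_in extended permit ip any any
static (Inside,Outside) tcp interface https 10.10.1.250 https netmask 255.255.255.255
static (Inside,Outside) tcp interface 3389 10.10.1.250 3389 netmask 255.255.255.255
static (Inside,Outside) tcp interface 1701 10.10.1.250 1701 netmask 255.255.255.255
access-group outside_in in interface Outside
"""
PORT_NAMES = {"https": "443", "www": "80", "sip": "5060"}  # ASA port keywords to numbers
ADDR = r"(any|host \S+|\S+ \S+)"
ACE_RE = re.compile(rf"^access-list (\S+) extended permit (\S+) {ADDR} {ADDR}(?: eq (\S+))?$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config, outside_ip):
    # Pre-8.3 semantics: the inbound ACL on the mapped interface is matched against the
    # mapped (translated) address and port, so each static is checked against that ACL.
    bound, aces, statics = {}, defaultdict(list), []
    for line in config.splitlines():
        if m := GROUP_RE.match(line):
            bound[m[2]] = m[1]                      # interface -> bound ACL name
        elif m := ACE_RE.match(line):
            acl, proto, _src, dst, dport = m.groups()
            aces[acl].append((proto, dst.replace("host ", ""), PORT_NAMES.get(dport, dport)))
        elif m := STATIC_RE.match(line):
            _real_if, mapped_if, mip, mport, rip, rport = m.groups()
            mip = outside_ip if mip == "interface" else mip
            statics.append((mapped_if, mip, PORT_NAMES.get(mport, mport), rip, PORT_NAMES.get(rport, rport)))
    report = {"unbound_acls": sorted(a for a in aces if a not in bound.values()),
              "any_any": [a for a in bound.values() if ("ip", "any", None) in aces[a]],
              "unpermitted": []}
    for mapped_if, mip, mport, rip, rport in statics:
        permitted = any(proto in ("ip", "tcp") and dst in ("any", mip)
                        and (proto == "ip" or dport in (None, mport))
                        for proto, dst, dport in aces.get(bound.get(mapped_if), []))
        if not permitted:
            report["unpermitted"].append(f"{mip}:{mport} -> {rip}:{rport}")
    return report
if __name__ == "__main__":
    print(audit(CONFIG, OUTSIDE_IP))
```

With the `permit ip any any` ACE present, every static passes through that single entry and the port-specific ACEs are redundant; remove that line and the report lists the static that no ACE covers.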
