01-01-2013 05:14 AM - edited 03-12-2019 06:04 PM
I am aware that we can allow external admins to telnet over a custom port to the internal router. Even I was allowed to connect to a remote router via the remote firewall. The way I was accessing the router is by telnet to the remote ASA address on port 8023.
I am not sure how exactly we can configure this on an ASA. Please help.
01-01-2013 05:23 AM
Hi,
So you would like to know how to forward certain TCP port traffic from the ASA's outside interface to the local router behind it.
Here are examples for both old and new software.
Check your firewall's software level with the "show version" command on the CLI.
8.2 and below configuration format
static (inside,outside) tcp interface 8023 10.10.10.10 23 netmask 255.255.255.255
access-list OUTSIDE-IN permit tcp any host
Where
8.3 and above
object network PORTFORWARD-MGMT
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 23 8023
access-list OUTSIDE-IN permit tcp any object PORTFORWARD-MGMT eq 23
Where
Naturally, in both cases you should consider what source address to use in the ACL statements. For example's sake I just used the keyword "any", which would allow anyone to connect.
Please rate the answer if the information was helpful.
- Jouni
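An added example, not part of the answer above: a small Python check that reads an 8.3+ style ASA configuration, finds object NAT port forwards, and reports those whose ACL entry permits the source "any". The function names, the reduced port-name table and the sample address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Constructed sample: the 8.3+ lines from the answer above, plus one constructed
# entry limited to a documentation address, written the way "show run" prints
# port 23 (as the name "telnet").
SAMPLE_CONFIG = """\
object network PORTFORWARD-MGMT
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 23 8023
access-list OUTSIDE-IN permit tcp any object PORTFORWARD-MGMT eq 23
access-list OUTSIDE-IN extended permit tcp host 203.0.113.10 object PORTFORWARD-MGMT eq telnet
"""

PORT_NAMES = {"telnet": "23", "ssh": "22"}  # small subset of the names ASA prints
NAT_RE = re.compile(r"^\s+nat \(\S+,\S+\) static \S+ service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit (tcp|udp) (.+?) object (\S+) eq (\S+)\s*$")


def port(token):
    """Normalize a port token: a known service name becomes its number."""
    return PORT_NAMES.get(token, token)


def find_port_forwards(config):
    """Map object name -> (protocol, real port, mapped port) for object NAT port forwards."""
    forwards, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif not line.startswith(" "):
            current = None  # left the object's sub-command block
        elif current and (m := NAT_RE.match(line)):
            forwards[current] = (m.group(1), port(m.group(2)), port(m.group(3)))
    return forwards


def open_forwards(config):
    """Return (acl, object, mapped port) for forwards reachable from any source."""
    forwards, findings = find_port_forwards(config), []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if not m or m.group(4) not in forwards:
            continue
        acl, proto, source, obj, dport = m.groups()
        fproto, real, mapped = forwards[obj]
        if proto == fproto and port(dport) == real and source in ("any", "any4", "any6"):
            findings.append((acl, obj, mapped))
    return findings
```

On the sample, only the first ACL entry is reported; the entry limited to a single host is not.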
01-01-2013 10:12 PM
Thanks a lot. Got some idea, let me try this.