Solved: to allow access to ther DA

Qzafar712 · ‎04-21-2016

I do not have much experience with firewall side of things, there for I had a question with regards to what I am trying to do.

I have enabled Direct Access on Windows Server 2012, for DA to work it uses HTTPS port 443.

How do I open or enable Direct Access to be able get in and out. Also ASDM is also using Port 443. Any thoughts?

Marius Gunnerud · ‎04-21-2016

to allow access to ther DA server from the internet you would need to do the following (NAT configuration is dependent on ASA version you are running):

object network NAT-DASERVER

host 1.2.3.4

object network DASERVER

host 10.10.10.10

nat (inside,outside) static NAT-DASERVER service tcp 443 443

http server enable 4433 <-- changes ASDM port to 4433

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎05-02-2016

What version ASA are you running

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎04-21-2016

to allow access to ther DA server from the internet you would need to do the following (NAT configuration is dependent on ASA version you are running):

object network NAT-DASERVER

host 1.2.3.4

object network DASERVER

host 10.10.10.10

nat (inside,outside) static NAT-DASERVER service tcp 443 443

http server enable 4433 <-- changes ASDM port to 4433

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Qzafar712 · ‎04-27-2016

Hi

Thank you for the information.

When I try that I get a error at the following.

I was able to change the ASDM Port also.

C5512(config)# object network DAserver-int
C5512(config-network-object)# host 10.X.X.X
C5512(config-network-object)# nat (inside,outside) static 174.X.X.X
^
ERROR: % Invalid input detected at '^' marker.
C5512(config-network-object)# object network DAserver-ext
C5512(config-network-object)# host 174.X.X

^
ERROR: % Invalid Hostname
C5512(config-network-object)# host 174.X.X.X
C5512(config-network-object)# nat (inside,outside) static DAserver-ext se$

nat (inside,outside) static DAserver-ext service tcp 443 443
^
ERROR: % Invalid input detected at '^' marker.
C5512(config-network-object)# nat (inside,outside) stat DAserver-ext serv$

nat (inside,outside) stat DAserver-ext service tcp 443 443

Marius Gunnerud · ‎05-02-2016

What version ASA are you running

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Qzafar712 · ‎05-03-2016

Hi Marius

The ASA version is 9.5(2)2.

Device is ASA5512

Marius Gunnerud · ‎05-05-2016

Are your interfaces named inside and outside?

Also, the following is incorrect configuration as 174.x.x.x is not an IP on the inside network:

C5512(config-network-object)# host 174.X.X.X
C5512(config-network-object)# nat (inside,outside) static DAserver-ext se$

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Qzafar712 · ‎05-18-2016

Interfaces are called MGMT and PROD.

Marius Gunnerud · ‎05-20-2016

Then that is where your issue is with regards to the invalid input error. the format should be:

nat (real_int,mapped_int)

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

HTTPS Port 443