options to allow telnet in through ASA 5505

tjd2112pcca · ‎02-26-2010

Hello, this 5505 is for a car dealership. A parts company has a server which needs to connect through the firewall from the internet and into a Linux server in the inside network using telnet. How do I set up a port translation so the user on the outside uses a non-standard port for telnet which maps to a server on the inside interface on port 23 (normal telnet port)?

Jon Marshall · ‎02-26-2010

tjd2112pcca wrote:

Hello, this 5505 is for a car dealership. A parts company has a server which needs to connect through the firewall from the internet and into a Linux server in the inside network using telnet. How do I set up a port translation so the user on the outside uses a non-standard port for telnet which maps to a server on the inside interface on port 23 (normal telnet port)?

static (inside,outside) tcp 195.17.17.10 8000 192.168.5.10 23

where the server on the outside would connect to 195.17.17.10 on port 8000 and this would get directed to 192.168.5.10 on port 23.

Be advised though that this is not recommended. A much better solution would be to VPN this connection or even ssh if at all possible.

Jon

tjd2112pcca · ‎02-26-2010

I take it the 195 address is the outside interface of the ASA? I asked them about using ssh but that is not an option.

Jon Marshall · ‎02-26-2010

tjd2112pcca wrote:

I take it the 195 address is the outside interface of the ASA? I asked them about using ssh but that is not an option.

Actually no it isn't the outside interface address, it is just a spare public IP. If you want to use the interface address -

static (inside,outside) tcp interface 8000 192.168.5.10 23

Jon