Solved: Re: Port Forwarding via ASA

ohareka70 · ‎06-06-2018

Hello,

I have a server off an interface on my ASA 5585 firewall. I need to give a contractor access to this from the outside interface but this server is not on my DMZ interface. Its on another interface that points to the corporate network (inside interface).

I usually NAT a public IP and give a contractor access to a DMZ server.

Can i do something like this but forward them on from the DMZ to the other interface on the ASA ie port forwarding.

just looking some advice - thanks

Dennis Mink · ‎06-07-2018

if the box your contractor is trying to connect to is on the inside and you cannot move it to the dmz, then you have no choice.

you might want to consider giving them limited VPN access or provide RDP access to a machine in the DMZ from which they can jump onto the internal machine.

If its a once off, just open the port and when they are done; close it

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Dennis Mink · ‎06-06-2018

Yes you can do a port forward from outside to inside, in the same way as from outside to dmz. its not desired, but it is possible

Please remember to rate useful posts, by clicking on the stars below.

ohareka70 · ‎06-07-2018

Is that my best option or would you know of a better way to do this?

Maybe Cisco have a best practise solution

thanks, Kevin

Dennis Mink · ‎06-07-2018

if the box your contractor is trying to connect to is on the inside and you cannot move it to the dmz, then you have no choice.

you might want to consider giving them limited VPN access or provide RDP access to a machine in the DMZ from which they can jump onto the internal machine.

If its a once off, just open the port and when they are done; close it

Please remember to rate useful posts, by clicking on the stars below.