cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
10
Helpful
3
Replies

Port Forwarding via ASA

ohareka70
Level 3
Level 3

Hello,

 

I have a server off an interface on my ASA 5585 firewall.  I need to give a contractor access to this from the outside interface but this server is not on my DMZ interface.  Its on another interface that points to the corporate network (inside interface).

 

I usually NAT a public IP and give a contractor access to a DMZ server.

 

Can i do something like this but forward them on from the DMZ to the other interface on the ASA ie port forwarding.

 

just looking some advice - thanks 

1 Accepted Solution

Accepted Solutions

if the box your contractor is trying to connect to is on the inside and you cannot move it to the dmz, then you have no choice.

 

you might want to consider giving them limited VPN access or provide RDP access to a machine in the DMZ from which they can jump onto the internal machine.

 

If its a once off, just open the port and when they are done; close it

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

Yes you can do a port forward from outside to inside, in the same way as from outside to dmz. its not desired, but it is possible

Please remember to rate useful posts, by clicking on the stars below.

Is that my best option or would you know of a better way to do this?

Maybe Cisco have a best practise solution

thanks, Kevin

if the box your contractor is trying to connect to is on the inside and you cannot move it to the dmz, then you have no choice.

 

you might want to consider giving them limited VPN access or provide RDP access to a machine in the DMZ from which they can jump onto the internal machine.

 

If its a once off, just open the port and when they are done; close it

Please remember to rate useful posts, by clicking on the stars below.

Review Cisco Networking for a $25 gift card