
Static Pat for Cisco ASA 5506 to Microsoft SQL server

arits2004
Level 1

I am trying to set up a dynamic NAT from a public IP address to an internal IP address to allow access to a Microsoft SQL database. I want to configure this to allow my network object Cybernautic to access the network object MicrosoftSql. This is my current NAT statement:

nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433

But I am still unable to access the SQL database remotely. Any ideas?

 

 

 

Running Config:

 

ip local pool anyconnect 192.168.2.1-192.168.2.200 mask 255.255.255.0

!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 96.70.36.89 255.255.255.248
!
interface GigabitEthernet1/2
bridge-group 1
nameif inside_1
security-level 100
!
interface GigabitEthernet1/3
bridge-group 1
nameif inside_2
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif inside_3
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif inside_4
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network vpn
subnet 10.0.0.0 255.255.255.0
description ahall
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0
object network AnyHost
subnet 0.0.0.0 0.0.0.0
object network outsideIP
host 96.70.36.89
object network MicrosoftSql
host 192.168.1.10
object network remoteip
host 50.235.80.83
object network DC01_Outside
host 192.168.1.10
object network ahallvpn
subnet 192.168.0.0 255.255.255.0
object network TS02
host 192.168.1.17
object service RDP
service tcp destination eq 3389
object service sql-1433
service tcp source eq 1433 destination eq 1433
object network Cybernautic
host 67.205.185.195
description cybernautic remote ip address
object-group network DM_INLINE_NETWORK_1
network-object object ahallvpn
network-object object vpn
access-list global_access extended permit ip any any
access-list inside_6_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 object vpn
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list inside_6_access_out extended permit ip any any
access-list global_access_1 extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap_3 extended permit ip 192.168.1.0 255.255.255.0 object vpn
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside_1 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433
nat (any,any) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
nat (any,any) source static vpn vpn no-proxy-arp
nat (any,any) source static ahallvpn ahallvpn no-proxy-arp
!
object network obj_any1
nat (inside_1,outside) dynamic interface
object network obj_any2
nat (inside_2,outside) dynamic interface
object network obj_any3
nat (inside_3,outside) dynamic interface
object network obj_any4
nat (inside_4,outside) dynamic interface
object network obj_any5
nat (inside_5,outside) dynamic interface
object network obj_any6
nat (inside_6,outside) dynamic interface
object network obj_any7
nat (inside_7,outside) dynamic interface
access-group outside_access_in in interface outside
access-group inside_6_access_in in interface inside_6
access-group inside_6_access_out out interface inside_6
access-group inside_access_in in interface inside
access-group global_access_1 global
route outside 0.0.0.0 0.0.0.0 96.70.36.94 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_1
http 192.168.1.0 255.255.255.0 inside_2
http 192.168.1.0 255.255.255.0 inside_3
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 66.94.211.96 255.255.255.248 outside
http 75.150.205.88 255.255.255.248 outside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 74.120.200.141
crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 2 set security-association lifetime kilobytes unlimited
crypto map outside_map 3 match address outside_cryptomap
crypto map outside_map 3 set peer 74.121.200.141
crypto map outside_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 4 match address outside_cryptomap_3
crypto map outside_map 4 set peer 74.120.200.141
crypto map outside_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 4 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate 6476485e
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 66.94.211.96 255.255.255.248 outside
ssh 75.150.205.88 255.255.255.248 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd address 192.168.1.100-192.168.1.199 inside
dhcpd dns 192.128.1.200 8.8.8.8 interface inside
dhcpd lease 96000 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 inside_1
ssl trust-point ASDM_TrustPoint0 inside_2
ssl trust-point ASDM_TrustPoint0 inside_3
ssl trust-point ASDM_TrustPoint0 inside_4
ssl trust-point ASDM_TrustPoint0 inside_5
ssl trust-point ASDM_TrustPoint0 inside_6
ssl trust-point ASDM_TrustPoint0 inside_7
ssl trust-point ASDM_TrustPoint0 inside
webvpn
enable outside
anyconnect image disk0:/anyconnect-macos-4.8.02045-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.8.02045-webdeploy-k9.pkg 2
anyconnect profiles AnyConnect2_client_profile disk0:/AnyConnect2_client_profile.xml
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect profiles Anyconnect2_client_profile disk0:/Anyconnect2_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 192.168.1.10
vpn-tunnel-protocol ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnel
default-domain value iuoe.local
webvpn
anyconnect profiles value AnyConnect_client_profile type user
group-policy GroupPolicy_AnyConnect2 internal
group-policy GroupPolicy_AnyConnect2 attributes
wins-server none
dns-server value 192.168.1.10
vpn-tunnel-protocol ikev2 ssl-client
default-domain value iuoe.local
webvpn
anyconnect profiles value AnyConnect2_client_profile type user
group-policy GroupPolicy_74.120.200.141 internal
group-policy GroupPolicy_74.120.200.141 attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
username brett password $sha512$5000$XoW4Fl+JnzF+N8U1SwEDCA==$hfRBTVaUBqAkOXHNosQIIw== pbkdf2
username scott password $sha512$5000$j4omPvxMRd2Z4sKfzyf0UQ==$GBzjlct/tzBybF5MRrikzQ== pbkdf2
username aric password $sha512$5000$/A2HDWSG/E698i23RFkn6w==$C7Oz9Z6sKGly33V2TFuB4Q== pbkdf2 privilege 15
username joe password $sha512$5000$fTjCWPkuzQc7fZp8clSp/Q==$VuDOJvDGN5NnycWAsewjYQ== pbkdf2
username darren password $sha512$5000$PxaGxa6qmkZy4jg0LbwQ9A==$qT1h2pKpgLyJTQhXvtkzNg== pbkdf2
username learning1 password $sha512$5000$Uyl59gFusi+JaZjx+ywEbg==$YUIk+r1ZhAS5NBU4nVl+cQ== pbkdf2
username learning2 password $sha512$5000$VrxZaUN+8I4RNWsnJ94PDA==$I82bCZ/iYk6S27uXGo2gdg== pbkdf2
username learning4 password $sha512$5000$8ZJzSSLMdWzId0Q6GnPuCg==$dvAub8qMVy/yy190kUEihA== pbkdf2
username tony password $sha512$5000$PiZsYtEGKf4/r0HRv6vemQ==$9jNq0O0+eZDLR0JaCwca0A== pbkdf2
username Tony password $sha512$5000$fmbby6f8gCVudokt4nQckQ==$k3ZdmOabfKwJYetZQiU30w== pbkdf2
username sora-user password $sha512$5000$ZRxPfRB+fcSAypV+IKAH3g==$p4tV2nL8rZ45iL4W/RNaPg== pbkdf2 privilege 15
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool anyconnect
default-group-policy GroupPolicy_AnyConnect
nat-assigned-to-public-ip outside
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
tunnel-group AnyConnect2 type remote-access
tunnel-group AnyConnect2 general-attributes
address-pool anyconnect
default-group-policy GroupPolicy_AnyConnect2
tunnel-group AnyConnect2 webvpn-attributes
group-alias AnyConnect2 enable
tunnel-group 74.120.200.141 type ipsec-l2l
tunnel-group 74.120.200.141 general-attributes
default-group-policy GroupPolicy_74.120.200.141
tunnel-group 74.120.200.141 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f367c499d76f219f55aa8dc907ed9841
: end

3 Replies

Cristian Matei
VIP Alumni

Hi,

First of all, if this is a live (not lab) environment connected to the Internet, I don't see how you would expect the public IP of 67.205.185.195 to reach your private IP of 192.168.1.10, via the Internet, without a VPN tunnel built, which I don't see in the config.

If this is a lab environment, your NAT statement points to an object which does not exist; fix the issue by using the same object name in both the object definition and the NAT statement. Also, the wrong ingress interface is specified; you should be using inside, not inside6.

 

 

Wrong:

object network DC01_Outside
host 192.168.1.10
nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433

Correct:

no nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433
no object network DC01_Outside
!
object network DC01
host 192.168.1.10
nat (outside,inside) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433

 

Regards,

Cristian Matei
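
Added example (not part of the original reply, and not Cisco tooling): the first point in the reply above, a manual NAT rule that names an object the config never defines, can be checked offline before a rule is pasted into the firewall. The function names and the trimmed sample config below are constructed for illustration; the config lines themselves are taken from the running config posted in the question.

```python
import re

# Constructed excerpt: only the lines of the posted running config that matter here.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
nameif outside
interface GigabitEthernet1/7
nameif inside_6
interface BVI1
nameif inside
object network MicrosoftSql
host 192.168.1.10
object network DC01_Outside
host 192.168.1.10
object service sql-1433
service tcp source eq 1433 destination eq 1433
object network Cybernautic
host 67.205.185.195
nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433
"""

# Manual ("twice") NAT lines carry the keyword "source"; object NAT lines do not.
MANUAL_NAT = re.compile(r"^nat \(([^,\s]+),\s*([^)\s]+)\)\s+(.*\bsource\b.*)$")

def _pair_after(tokens, keyword, skip):
    """Two names following `keyword`, after skipping `skip` tokens (static/dynamic)."""
    if keyword not in tokens:
        return []
    start = tokens.index(keyword) + 1 + skip
    return tokens[start:start + 2]

def audit_manual_nat(config):
    """List (rule, problem) pairs for manual NAT rules whose interfaces or
    objects are not defined anywhere in the config."""
    interfaces, networks, services = {"any"}, {"any", "interface"}, set()
    rules = []
    for line in (raw.strip() for raw in config.splitlines()):
        tok = line.split()
        if len(tok) == 2 and tok[0] == "nameif":
            interfaces.add(tok[1])
        elif len(tok) >= 3 and tok[0] in ("object", "object-group"):
            if tok[1] == "network":
                networks.add(tok[2])
            elif tok[1] == "service":
                services.add(tok[2])
        elif MANUAL_NAT.match(line):
            rules.append(line)

    findings = []
    for rule in rules:
        real_if, mapped_if, rest = MANUAL_NAT.match(rule).groups()
        tok = rest.split()
        wanted = [(n, interfaces, "interface") for n in (real_if, mapped_if)]
        wanted += [(n, networks, "network object") for n in
                   _pair_after(tok, "source", 1) + _pair_after(tok, "destination", 1)]
        wanted += [(n, services, "service object") for n in _pair_after(tok, "service", 0)]
        seen = set()  # report each missing name once per rule
        for name, known, kind in wanted:
            if name not in known and (kind, name) not in seen:
                seen.add((kind, name))
                findings.append((rule, f"undefined {kind} '{name}'"))
    return findings

if __name__ == "__main__":
    for rule, problem in audit_manual_nat(SAMPLE_CONFIG):
        print(f"{problem}: {rule}")
```

Renaming the `DC01_Outside` object to `DC01`, as the reply suggests, makes the same rule pass the check.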

Hello Cristian,

Thank you for taking the time to reply.

I want to configure the rule so that any traffic that comes in from my outside interface on port 1433 goes to 192.168.1.10.

So it would look like this:

67.205.185.195 > 96.70.36.89 > ASA > 192.168.1.10

 

 

Hi,

Use this config instead:

no nat (outside,inside_6) source static Cybernautic Cybernautic destination static DC01 DC01 service sql-1433 sql-1433
no object network DC01_Outside
!
object network outsideIP
host 96.70.36.89
!
object network MicrosoftSql
host 192.168.1.10
nat (inside,outside) static interface service tcp 1433 1433

To test it, run:

packet-tracer input outside tcp 67.205.185.195 10000 96.70.36.89 1433 detailed

 

 

Regards,

Cristian Matei
