Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
654
Views
0
Helpful
3
Replies

To customize the port of Defense center

Go to solution
diwakar410
Level 1
Level 1

‎05-20-2016 02:42 AM - edited ‎03-12-2019 12:46 AM

I have cisco ASA and the Defense center is managed in the VM. I have enable the ASA for remote access and by using https://x.x.x.x i get access to the ASA. My DC is running on the local network inside interface and the IP is 192.168.1.15. Is it even possible to port forward and have the access of DC from the remote office. I think we could have got the access of DC using https had there been no ASA  by forwarding but now with  https://x.x.x.x i get the access of ASA, what can be done to get the access of DC. Is there a way to customize ports?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ankojha
Level 3
Level 3

‎05-20-2016 09:46 AM

Hi,

You can configure static nat on the ASA with port forwarding enabled 

for example 

 if your ASA public ip is 1.1.1.1 and defence center private ip is 2.2.2.2 then configuration will be auto nat with below syntax:

object network 1.1.1.1-DCaccess

host 2.2.2.2

nat(inside,outside) static 1.1.1.1 service tcp 443 8443

here 1.1.1.1 is the object name for the public up of asa

after this you can access DC on 

https://1.1.1.1:8443

Rate if it helps

thanks,

Ankita

View solution in original post

0 Helpful
3 Replies 3

Go to solution
ankojha
Level 3
Level 3

‎05-20-2016 09:46 AM

Hi,

You can configure static nat on the ASA with port forwarding enabled 

for example 

 if your ASA public ip is 1.1.1.1 and defence center private ip is 2.2.2.2 then configuration will be auto nat with below syntax:

object network 1.1.1.1-DCaccess

host 2.2.2.2

nat(inside,outside) static 1.1.1.1 service tcp 443 8443

here 1.1.1.1 is the object name for the public up of asa

after this you can access DC on 

https://1.1.1.1:8443

Rate if it helps

thanks,

Ankita

0 Helpful

Go to solution
diwakar410
Level 1
Level 1
In response to ankojha

‎05-20-2016 08:31 PM

Thank you Ankita. I will try that solution of yours. But what about the access rule:

Will this command work:

"access-list any-name extended permit tcp any hostname 2.2.2.2 eq 8443"  

???

Because i tried forwarding the port 443 and it didn't let me forward that port. 

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to diwakar410

‎05-21-2016 01:35 AM

Hi,

The acl should permit real port and IP address. So ensure the real IP and port of DC are permitted in the acl.

Hope it helps.

RS

Rate if it helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card