03-11-2013 08:24 PM - edited 03-11-2019 06:12 PM
Dear All,
i would like to ask you that i have ASA 5512x with ver. 8.6, so i would like to forwarding port from outside to inside 3386.
Could you let me know which command for enable ASA 5512 v.8.6?
for 8.2 is ok i can enable but 8.6 i don't know command for enable.
Best Regards,
Rechard
03-12-2013 03:14 AM
Take a look at the static nat configuration example below:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703
Sent from Cisco Technical Support iPad App
03-12-2013 10:46 AM
This is the link for a blog that explains the different types of nat, has examples of pre- and post-8.3 configurations.
03-12-2013 09:18 PM
Dear Jocamare,
I try to use command as below but it still problem:
access-list outside_acl_in extended permit tcp any host 192.168.7.64 eq 3389
access-group Outside-In in interface outside
object network obj-192.168.30.10
host 192.168.30.10
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.30.10
nat (inside,outside) static 192.168.7.64
object network obj_any
Note: 192.168.7.64 is wan interface.
Best Regards,
rechard
03-12-2013 09:36 PM
Problem is you are using the wan interface.
Make it look like this:
access-list outside_acl_in extended permit tcp any host 192.168.7.64 eq 3389
access-group Outside-In in interface outside
object network obj-192.168.30.10
host 192.168.30.10
nat (inside,outside) static 192.168.7.64 service tcp 3389 3389
03-13-2013 06:28 PM
Dear All support
Thanks you for your help !
I tried to follow your config that you gave me but it not work.
any way currently IOS is asa861-2-smp-k8.bin, i would like to upgarde to asa911-smp-k8.bin.
for upgrade IOS is it the same ASA 5505 or 5510, just type: copy tftp flash , ip address and name of IOS is done?
Best Regards,
Rechard
03-13-2013 06:36 PM
Can you run this command and share its output?
packet-tracer in outside tcp 4.2.2.2 1234 192.168.7.64 3389
I might not need to point this out, but i will. Remember that the WAN IP [192.168.7.64] is a private address.
Not routable from the internet.
Just wanted to make sure that was clear.
Now, about the upgrade.
Not sure i understand the question about the ASA models, but the process is the same in all devices.
ciscoasa# copy tftp flash
Address or name of remote host []? <server's IP>
Source filename []? <file name>
Destination filename <file name>?
Accessing tftp://198.18.42.125/asa825-k8.bin [example]...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa825-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide