
ASA 5512X Outside Interface with DYNDNS

manojyesh
Level 1

Dear Team,

Greetings,

I have a request from a team located in another country (vendor) to access my SQL Database. They will provide us with the IP address that needs to be whitelisted, which will be added to our ASA 5512-X firewall for communication through the API.

For example, my server's IP is 192.168.0.3/24, and we're using SQL default port 1433. How can I grant access through the outside interface to their IP address in ASA?

Additionally, we do not have a public static IP; instead we are using DynDNS on our Linksys router. The Linksys router outside interface is connected to ASA interface GigabitEthernet 0/0. Do I need to set up port forwarding on my Linksys router for my server on port 1433? What type of access control list (ACL) should I configure for a specific host (server) to allow access to the vendor's IP address for them to access my server?

Please help and guide.

Thank you

Manoj

14 Replies

Can you draw the topology?

MHM

@manojyesh 

You need to create a port-forward on the Linksys mapping your DynDNS URL (public IP address) on some port (it can be 1433, but you can use any) to your server on port 1433.

Port-forward:

--> DynDNS:1433 --->192.168.0.3:1433

On the ASA you need to create an inbound rule allowing traffic coming from the Linksys IP address to your internal server on port 1433.

allow inbound LinkSys ip address --> Server IP address:1433

You probably have NAT on Linksys so the vendor IP address might not get to the server directly.

The solution you provided involves access from inside to outside. However, my requirement is for a vendor to access my SQL data using their public or static IP address. I need to allow traffic coming from the vendor, so it will be my outside access, by configuring an access-list for both the source and destination. Please note that my ASA is positioned behind a Linksys router. So I need to know if I can place their IP in my Linksys router with SQL port 1433.

In that case, what will be my access list?

Regards

Manoj

@manojyesh 

Who is facing the Internet? Linksys or ASA?

If the ASA is facing the Internet then what I told you is wrong indeed. But I understood that the Linksys is facing the Internet.

If that is so, what I told you remains. Here is what I believe will happen:

First, they need to call a URL, right? As you don't have a fixed IP address. When they call the URL, DynDNS will reply with your current public IP address on the WAN interface of the Linksys.

Then they will call your current public IP address on port 1433.

You need to have a port-forward on the Linksys sending the traffic to your local network, which must cross the ASA.

Then you need to have rules on the ASA to allow this traffic.

Let me know if I understood correctly.

Dear Flavio,

The Linksys router is facing the Internet, while the ASA is positioned behind it. What you addressed relates to port forwarding from my internal network to the outside. For example, if I enable port forwarding for the terminal server on port 3389, I can successfully use RDP to access my server from outside.

However, I have a team member who can only provide their public IP address for whitelisting, allowing them to access my server directly using an API. How can I use their static public IP on my Linksys router to whitelist it and open the SQL port?

I already have a DYNDNS service set up on my Linksys router, and it is functioning correctly. As per your advice, if I enable port forwarding, they will be able to access it directly via xyz.dyndns.org:1433. Please correct me if I am mistaken.

Regards

Manoj

@manojyesh 

You are correct. I don't believe the Linksys will permit you to whitelist the traffic source. You need to install the firewall facing the Internet. The firewall is able to handle this properly.

@Flavio,

I have received a list of IP addresses from my client that need access to our data sources. These IP addresses must be whitelisted for reading from our intermediate database. White IP (196.202.194.242) from the client.

Could you please guide me on how to allow access to these IPs on port 1433, which is connected to my host? What access list entries should I create?

@manojyesh 

Before worrying about the firewall permission, first make sure the traffic is getting to the firewall. Depending on how the Linksys is configured, you may not see the customer IP address on the firewall.

Ask them to try to access and check the ASA logs. 

If you see the firewall denying the traffic, you just need to allow it.

If you need help creating the rule, just tell me which ASA version and whether you use ASDM or CLI.

I have already allowed access for the internal server IP on the Linksys router.

ASA Version is 9.1(2)

Please guide me on the access list that will be applied for the White IP only to my destination server IP 192.168.0.3 eq 1433.

Thank you for supporting me.

Please check if this is the right access list and correct me.

access-list outside_access_in extended permit tcp host (Source) host destination eq 1433

Thank you

It seems OK. You need to apply it with an access-group.

Yes, I have added the access-group to the outside interface earlier. Let me check the connectivity and get back to you.

Thank you.

Subject: RDP Access Configuration

Hi Flavio,

Could you please guide me on how to enable RDP access to my internal server from outside using port 3389?

Do I need to create an object group and configure RDP service access, or is there a simple command I can use in the ASA? Additionally, I have another server with the IP address 192.168.0.90/24 that also needs to be accessed from outside via RDP.

Could you provide me with the necessary steps?

Thank you!

Thank you

Same thing you did for 1433, but now for 3389.
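A complete ASA 9.1 CLI configuration covering both requests in this thread (the 1433 whitelist for the access-list checked above and the 3389 RDP access asked about here), written as an added example rather than taken from the thread. It assumes the ASA interfaces are named inside and outside, that the Linksys port-forwards TCP 1433 and 3389 to the ASA outside address, that the vendor whitelist address is the 196.202.194.242 quoted earlier, and it uses a constructed placeholder for the RDP source address.

```cisco
! Added example, not the thread's own configuration. Assumptions: ASA 9.1,
! interfaces named inside/outside, Linksys forwards TCP 1433 and 3389 to
! the ASA outside address, vendor source is 196.202.194.242.
!
! Real (untranslated) addresses of the published servers, each with a
! port-based static NAT from the ASA outside address to the server.
object network SQL-SERVER
 host 192.168.0.3
 nat (inside,outside) static interface service tcp 1433 1433
!
object network RDP-SERVER
 host 192.168.0.90
 nat (inside,outside) static interface service tcp 3389 3389
!
! One source group per service, so the whitelist can grow without
! rewriting the ACL entries.
object-group network SQL-WHITELIST
 network-object host 196.202.194.242
!
object-group network RDP-WHITELIST
 ! Constructed placeholder: replace with the real admin source address
 network-object host 203.0.113.10
!
! From ASA 8.3 onward the inbound ACL matches the REAL destination
! address, so the destination is the server object, not the outside IP.
access-list outside_access_in extended permit tcp object-group SQL-WHITELIST object SQL-SERVER eq 1433
access-list outside_access_in extended permit tcp object-group RDP-WHITELIST object RDP-SERVER eq 3389
!
access-group outside_access_in in interface outside
!
! Verification before asking the vendor to test (replace <asa-outside-ip>):
! packet-tracer input outside tcp 196.202.194.242 40000 <asa-outside-ip> 1433
! show nat detail
! show access-list outside_access_in
! show logging | include 196.202.194.242
```

If the Linksys rewrites the source address when it forwards, the hit will show up in the ASA logs with the Linksys LAN address instead of 196.202.194.242, which is what the advice above about checking the logs first is meant to reveal.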