ASA port forwarding Version 7.2

captainhastings
Level 1

Hi, I am just trying to find my way around an ASA. I would like to forward a port.

I have

WAN, pfSense gw on 192.168.1.1 and internal network on the 192.168.1. range.

Then I have the ASA, which has the 192.168.1.1 as its gateway and its WAN IP is 192.168.1.250, and on the other side of the ASA a range of 192.168.2.*

The 192.168.2.* can access the internet fine, but I would like the 192.168.1.* range and the internet to access an internal server on 192.168.2.7 behind the ASA.

 

I ran

object network Internal_linux_Server
ciscoasa(config)# object network Internal_linux_Server
ciscoasa(config-network)# network-object host 192.168.2.7
exit

object network Internal_linux_Server
static (inside,outside) tcp interface 22 192.168.2.7 22 netmask 255.255.255.255


access-list Outside_access_in extended permit tcp any object Internal_linux_Server eq 22
access-group Outside_access_in in interface outside

 

ciscoasa(config)# show nat

NAT policies on Interface inside:
match tcp inside host 192.168.2.7 eq 22 outside any
static translation to 192.168.1.250/22
translate_hits = 0, untranslate_hits = 21
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
match ip inside any outside any
dynamic translation to pool 1 (192.168.1.250 [Interface PAT])
translate_hits = 2988, untranslate_hits = 544
match ip inside any _internal_loopback any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0

 

Any pointers, please? I suspect I am way off.

Thanks

1 Accepted Solution

captainhastings
Level 1

Turns out these 3 lines did what I wanted perfectly:

access-list outside_access_in extended permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside

 

http://remotesupportsoftware.blogspot.com/2008/10/configure-rdp-port-forwarding-on-cisco.html

2 Replies

Thanks for posting the solution. It may help someone else one day.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.