03-04-2014 03:11 PM - edited 03-04-2019 10:29 PM
I'm new to Cisco and we just took over a client with an ASA 5505. I need to do 2 things. First,
I need to know how to open or forward ports to an internal IP address. They want me to open ports 3389 and 1433 to an internal address, 192.168.192.52,
but only from 207.235.73.64 and 255.255.255.192
40.143.46.64 and 255.255.255.192
oh, and
66.192.91.128 and 255.255.255.192
40.143.28.64 and 255.255.255.192
And second, I'd like to get the ASDM downloaded and working, as I've used that before in other offices and it helps me out as a non-Cisco expert. I try going to the device IP in a browser, 192.168.192.1/admin, and just get a prompt for username and password, but it doesn't take the one I have. Here is the config on the device right now. Any help you guys can point me to I'd appreciate. 4 hours of Google research has gotten me nowhere.
sho run
: Saved
:
ASA Version 7.2(3)
!
hostname vmine
domain-name mine
enable password CyQcVKTj6CW8.Vsj encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.192.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
!
interface Vlan3
mac-address 001f.6ce3.bd99
no forward interface Vlan1
nameif guest
security-level 10
ip address 205.10.2.1 255.255.255.0
!
interface Ethernet0/0
description Internet-Connection
switchport access vlan 2
!
interface Ethernet0/1
description Connection to Inside Network
speed 100
duplex full
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
switchport access vlan 2
!
interface Ethernet0/4
switchport access vlan 3
!
interface Ethernet0/5
description Connection to Public Network
switchport access vlan 3
speed 100
duplex full
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd CyQcVKTj6CW8.Vsj encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name domain
access-list guest extended permit icmp any any
access-list guest extended permit ip any any
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit tcp any any eq 8440
access-list nonat extended permit ip 192.168.192.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list outside-in extended permit tcp any any eq https
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
access-list outside-in extended permit tcp host x.x.x.x any eq 1433
pager lines 24
logging enable
logging buffer-size 16384
logging buffered informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool vpn-ip 192.168.252.1-192.168.252.
03-06-2014 04:43 PM
For ASDM access:
asdm image disk0:/asdm.bin
What is that... You do not have any image there.
It should be something like
asdm6.4.bin
asdm image disk0:/asdm6.4.bin
Make sure you have a valid ASDM image on flash with the command show flash
For authenticating access
aaa authentication http console LOCAL
For allowing access to internal servers
Server 10.10.10.10 on port 3389 will get NATed to the outside public IP of the ASA on port 3389
static (inside,outside) tcp interface 3389 10.10.10.10 3389
access-list out_in permit tcp any host x.x.x.x (Interface outside IP) eq 3389
access-group out_in in interface outside
So basically
Static NAT
Access-list
Apply the ACL with an access-group.
If more info is required there are tons of documents on this forum about NAT mate.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
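The three steps above (static NAT, access list, access-group) applied to the request in the original post, as an added example that is not from any poster in this thread: ports 3389 and 1433 forwarded to 192.168.192.52 and permitted only from the four listed source networks instead of `any`. Assumptions: ASA 7.2 (pre-8.3) syntax, the object-group names are made up, `outside-in` is the ACL to bind to the outside interface, and `<outside-ip>` is a placeholder for the redacted public address.

```cisco
! Added example for ASA 7.2 (pre-8.3 NAT syntax); group names are made up.
! access-group allows one inbound ACL per interface, and the posted config is
! cut off before that line, so check what is bound today before changing it:
!   show running-config access-group

! The four permitted source networks from the original post
object-group network REMOTE-ADMIN-SOURCES
 network-object 207.235.73.64 255.255.255.192
 network-object 40.143.46.64 255.255.255.192
 network-object 66.192.91.128 255.255.255.192
 network-object 40.143.28.64 255.255.255.192

! RDP and SQL Server
object-group service RDP-SQL-PORTS tcp
 port-object eq 3389
 port-object eq 1433

! Static PAT: outside interface address, same port, to 192.168.192.52
static (inside,outside) tcp interface 3389 192.168.192.52 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.192.52 1433 netmask 255.255.255.255

! Before 8.3 the outside ACL matches the public (mapped) address, written here
! as "interface outside". Source is the group, not "any".
access-list outside-in extended permit tcp object-group REMOTE-ADMIN-SOURCES interface outside object-group RDP-SQL-PORTS
access-group outside-in in interface outside

! Verify: hit counts, then one simulated flow from inside the first permitted
! network (should be allowed) and one from a documentation-range address that
! is not in the group (should be dropped by the ACL). Source IPs are constructed.
show access-list outside-in
packet-tracer input outside tcp 207.235.73.65 1025 <outside-ip> 3389
packet-tracer input outside tcp 198.51.100.10 1025 <outside-ip> 3389
```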
03-06-2014 04:54 PM
It says it has
asdm-523.bin
I added the
aaa authentication http console LOCAL command; it still asks for a username and password when I try to access it via the browser and doesn't accept any I try
03-06-2014 10:53 PM
Did you use the ASDM command as I requested?
asdm image flash:asdm-523.bin
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
03-07-2014 05:16 AM
This is what it gives me when I enter that command
asdm image flash:asdm-523.bin
^
ERROR: % Invalid input detected at '^' marker.