04-08-2008 08:30 PM - edited 03-03-2019 09:28 PM
Dear Expert,
Please help me!!! to solve this problem.
Please see in the attach file.
i want outside can access remote in to inside pass thought ASA.
but it doesn't work.
Best Regards,
rechard
Solved! Go to Solution.
04-16-2008 08:32 PM
Hi Rechard,
This because at global, you have define interface as global translation
for all addresses matching NAT rule 1 to be translated through the outside interface or to the internet. This also follows if you are applying ip address at global, which means you must also define ip address at your static NAT configuration. By theway, hope you can kindly rate our conversation and remark as resolve. Your cooperation is highly appreciated. Thank you.
04-09-2008 12:21 AM
Hi rechard,
I think you need some modification like below:
I want to know before proceed, is there any internet devices after your ASA?? If not, you should use public ip at your outside interface.
a) You need one more map ip possibly public ip other than 119.15.81.49 , example 119.15.81.50, please dont use outside interface ip to map into internal ip
a) Please add; static (inside,ouside) 119.15.81.50 10.10.10.2 netmask 255.255.255.255
b) Applied one more access-list 105:
access-list 105 extended permit tcp any host 119.15.81.50 eq 3389
c) Applied the access-list 105 at global config for outside interface (Ethernet0/0):
access-group 105 in interface outside
Please rate if this helps. Thank you.
04-09-2008 02:55 AM
Dear Sir,
yes, when i tested like you gave example to me is working. Why we need one more Public IP address?
So last time i was configure on Pix 515 i have one public ip and map ip it ok ( i mean one public ip add the same interface outside that i map).
Could you advice me please?
Best Regards,
Rechard
04-09-2008 04:51 AM
Hi Rechard,
I m glad that it works. Actually is based on your configuration
Before I explain further, may I know is that previously you assign public ip at outside interface??
If yes, please try one more way:
a) global (outside) 1 interface
- test this command first
- if not works, please change to fix public ip
b) static (inside,outside) tcp interface 3389 10.10.10.2 3389 netmask 255.255.255.255 0 0
- do redirection port
c) access-list 105 permit tcp any host 119.15.81.51 eq 3389
- please put public IP that you assign at OUTSIDE interface, here I put example ip 119.15.81.51
d) access-group 105 in interface outside
Please give me a feedback, if works, I hope you will definitely understand. Please RATE if helps and remark as RESOLVED. Thank you
regards,
aans
04-16-2008 07:45 PM
Dear aans,
I'm sorry for reply late because i have long holiday.
After i follow your command it done, very thank you.
Oh! on answer B i would like to ask you that:
command tcp interface ( this command Interface mean that interface outside right?)
why we put the name is working but when we put ip address outside interface not work? what are different ?
could you advice me please?
Best Regards,
rechard
04-16-2008 08:32 PM
Hi Rechard,
This because at global, you have define interface as global translation
for all addresses matching NAT rule 1 to be translated through the outside interface or to the internet. This also follows if you are applying ip address at global, which means you must also define ip address at your static NAT configuration. By theway, hope you can kindly rate our conversation and remark as resolve. Your cooperation is highly appreciated. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide