Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1885
Views
20
Helpful
18
Replies

ASA access rule relative to port forwarding

Go to solution
Dr.X
Level 2
Level 2

‎01-24-2014 12:44 PM - edited ‎03-10-2019 12:25 PM

hi all ,

just simple question

assume i have    inside==ASA====outside========intnet

assume outside public ip is x.x.x.x

asusme i made a portforward on outside interface ,

assume my lan is 10.10.10.0/24

assume to reach my server 10.10.10.2 i need to go x.x.x.x:5050

the question is about the access rule that need to be allow the outside traffic that comes inside .

why i need to allow destination to ip 10.10.10.2 in the access rule ???

shouldnt we allow the access to x.x.x.x:5050 ip ???

question agian ,

why we need access rule that allow traffic that enter form outside to inside , and dont need rule to allow traffic enter outside  ip itself ?

regards

Labels:
0 Helpful
18 Replies 18

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Dr.X

‎01-26-2014 02:27 AM

For traffic to the ASA interface No.

For SSH, Telnet or any other device behind the ASA: Yes.

Please rate all of the posts that you think were useful for you

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
Dr.X
Level 2
Level 2
In response to Julio Carvajal

‎01-26-2014 02:33 AM

well ,

at this point , its very fine

the question is why i cant login to the asa asdm remotely from the outside interface ???

i did config so that it support http

http server enable 65000

http 10.66.12.0 255.255.255.0 ins

http 0.0.0.0 0.0.0.0 outside

also ,

i can see the https webpage of asa asdm

but i cant login from the asdm itself !!

want to tell you that i chanfes the port of asa to 65000

here is when i put the public ip x.x.x.x:65000 on page

im being redirected to

https://x.x.x.x:65000/admin/public/index.html

but why on the asdm i cant login ??

it says ""connecting ""  and not logged !!!

i tried to put the ip in the asdm with x.x.x.x & x.x.x.x:65000 

but still no luck

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Dr.X

‎01-26-2014 02:37 AM

Hello

can you share

show run asdm

show run http

show run aaa

show run all ssl

show flash | include asdm

show run webvpn

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Dr.X
Level 2
Level 2
In response to Julio Carvajal

‎01-26-2014 02:53 AM

hi , currently i dont have an access on asa ,

but i have the sh run file

here wt u need

============

asdm image disk0:/asdm-645.bin

========================

aaa authentication http console LOCAL

http server enable 65000

http 10.66.12.0 255.255.255.0 ins

http 0.0.0.0 0.0.0.0 outside

destination transport-method http

==============================

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

=============================

agian , i can log by vpn , but still cant access asa asdm from vpn !!!!

0 Helpful
Customers Also Viewed These Support Documents