526 Views | 0 Helpful | 1 Replies

Cisco ASA 5512

sjsteve33171
Level 1

Hi All,

 

I have the following device:

 

Cisco Adaptive Security Appliance Software Version 9.4(4)18
Device Manager Version 7.9(2)

Compiled on Thu 29-Mar-18 22:10 PDT by builders
System image file is "disk0:/asa944-18-smp-k8.bin"
Config file at boot was "startup-config"

Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
ASA: 2048 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 4096MB

 

Short and simple: I am NOT a Cisco guy. I'm a level 3 IT technician and I work with Dell SonicWalls and Fortinet firewalls. However, due to IP limitations we're migrating to Cisco so we can have 32+ public IPs used on the firewall. Now, I have the device on and in our datacenter and, googling the hell out of everything, I'm trying to put a config together so I can go down and essentially migrate the config from the current FortiGate to the Cisco ASA.

 

I've been to the datacenter 5 times and cannot get it right by guessing the command line. Could someone please go over my config and see what I'm doing wrong? We basically have a bunch of virtual servers running on multiple VLANs, so what I'm trying to accomplish is the following:

 

Private IP A out to internet showing Public Address A.

Private IP B out to internet showing Public Address B.

Private IP C out to internet showing Public Address C.

etc...

 

Also

 

Public IP A Port 80 forwarded to PrivateIP A port 80.

Public IP B Port 80 forwarded to PrivateIP B port 80.

Public IP C Port 80 forwarded to PrivateIP C port 80.

etc..

 

If I can get those parts done, it's only VPNs to do, which I'm sure I'll figure out in the ASDM wizard, but I cannot leave the Cisco live until all our services are working via it, and they are down while I test it out. This is the latest script I'm going to test. I think this is right, but I could do with a "yes" or a "no, you need to change it to this".

 

========================  OBJECT CREATION BEGIN ===============================

! Interface nameifs are case-sensitive on the ASA: the original mixed
! "OUTSIDE" and "outside"; one spelling is used throughout below.
object network PUBLICIP_CPANEL_SERVER
 host X.X.X.X
exit

object network PRIVATEIP_CPANEL_SERVER
 host X.X.X.X
exit

========================  PORT FORWARDING BEGIN ==========================

! Object NAT: "host" is the real (private) address, the mapped address is
! the public object. A separate object per forwarded port is fine.
object network PORTFORWARD_CPANEL_TCP20
 host X.X.X.X
 nat (inside,outside) static PUBLICIP_CPANEL_SERVER service tcp 20 20
exit

========================  RANGE FORWARDING BEGIN ============================

object network PORTFORWARD_CPANEL_RANGE_IN
 host X.X.X.X
 nat (inside,outside) static PUBLICIP_CPANEL_SERVER
exit

! On ASA 8.3+ the interface ACL matches the REAL (private) address, not the
! public one, and only one ACL can be bound per interface and direction, so
! the three separate lists are merged into one and actually applied.
access-list OUTSIDE_IN extended permit tcp any host X.X.X.X eq 20
access-list OUTSIDE_IN extended permit tcp any host X.X.X.X range 30000 50000
access-list OUTSIDE_IN extended permit udp any host X.X.X.X range 30000 50000
access-group OUTSIDE_IN in interface outside

========================  OUTBOUND IP BEGIN ===============================

! "source dynamic" is twice (manual) NAT syntax and is entered at global
! configuration level, not inside an object network (which has no host anyway).
nat (inside,outside) source dynamic PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER

 

Thanks in Advance!
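For readers landing here with the same goal (private host A out as public A, public A port 80 in to private A, and so on), the following is an added example of the object-NAT pattern on ASA 8.3+ software, generalized to three servers. It is not the poster's config or Cisco's: the addresses are constructed RFC 5737 / RFC 1918 values, the object names are made up, and it assumes the interfaces are named inside and outside and that the public block is either in the outside subnet or routed to the ASA's outside interface.

```cisco
! Added example, not the poster's config. Addresses and object names are constructed.
!
! A static object NAT rule is bidirectional on ASA 8.3+: the one rule translates
! outbound traffic from the private host to its public address AND makes the
! public address reachable inbound. No separate "outbound" NAT rule is needed.

! ---- Server A (VLAN 10) ----
object network SRV_A_PUB
 host 203.0.113.11
object network SRV_A_PRIV
 host 10.10.10.11
 nat (inside,outside) static SRV_A_PUB

! ---- Server B (VLAN 20) ----
object network SRV_B_PUB
 host 203.0.113.12
object network SRV_B_PRIV
 host 10.10.20.11
 nat (inside,outside) static SRV_B_PUB

! ---- Server C (VLAN 30) ----
object network SRV_C_PUB
 host 203.0.113.13
object network SRV_C_PRIV
 host 10.10.30.11
 nat (inside,outside) static SRV_C_PUB

! Everything else on the inside goes out PAT'd to the outside interface address.
! Auto (object) NAT orders static rules before dynamic ones, so the three
! servers above keep their own public IPs regardless of entry order.
object network INSIDE_NETS
 subnet 10.10.0.0 255.255.0.0
 nat (inside,outside) dynamic interface

! One inbound ACL on the outside interface. Entries match the REAL (private)
! addresses, and anything not listed is dropped by the implicit deny at the end.
access-list OUTSIDE_IN extended permit tcp any object SRV_A_PRIV eq 80
access-list OUTSIDE_IN extended permit tcp any object SRV_B_PRIV eq 80
access-list OUTSIDE_IN extended permit tcp any object SRV_C_PRIV eq 80
access-group OUTSIDE_IN in interface outside
```

To check it before putting the ASA in line, `show nat` lists the rules in the order the ASA evaluates them, and `packet-tracer` walks a synthetic packet through NAT and the ACL: `packet-tracer input outside tcp 198.51.100.5 40000 203.0.113.11 80` should show the UN-NAT phase mapping to 10.10.10.11 and an ALLOW result, while `packet-tracer input inside tcp 10.10.10.11 40000 198.51.100.5 80` should show the NAT phase translating the source to 203.0.113.11 rather than the interface address.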


1 Reply (Accepted Solution)

sjsteve33171
Level 1

Solved this by doing the outbound IP AFTER the inbound.
