Announcement

Collapse
No announcement yet.

ASA 5505 port forward

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ASA 5505 port forward

    I have SBS 2008 and a Cisco ASA 5505 firewall. I have done the port forwarding for my SMTP, HTTPS, RWW and RDP. When I try to use the Internet Manager setup in SBS in is okay awith everything but the router config. Can someone send me the port forward commands so I can compare?

    Any help or recommendations are appreciated.

    Thanks

    My firewall config

    Saved
    :
    ASA Version 8.2(1)
    !
    hostname ciscoasa
    domain-name
    enable password 8C9myjbXYNhN4I0J encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address 1.1.1.1 255.255.255.248 first usable IP
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name ZONWIB
    access-list 100 extended permit tcp any host 1.1.1.1 eq smtp
    access-list 100 extended permit tcp any host 1.1.1.1 eq www
    access-list 100 extended permit tcp any host 1.1.1.1 eq https
    access-list 100 extended permit tcp any host 1.1.1.1 eq 987
    access-list 100 extended permit tcp any host 1.1.1.1 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 2.2.2.2 smtp 192.168.1.20 smtp netmask 255.255.255.255 first IP in block from ISP
    static (inside,outside) tcp interface https 192.168.1.20 https netmask 255.255.255.255
    static (inside,outside) tcp interface www 192.168.1.20 www netmask 255.255.255.255
    static (inside,outside) tcp interface 987 192.168.1.20 987 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.1.20 3389 netmask 255.255.255.255
    access-group 100 in interface outside
    route outside 0.0.0.0 0.0.0.0 3.3.3.3 1 Gateway
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0

    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    tftp-server inside 192.168.1.5 C:\tftp-root
    webvpn
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context domain
    Cryptochecksum:fe9bcdc718053b4803b88ca47e57bf0e
    : end


    --------------------------------------------------------------------------------
    Last edited by javitable; 5th February 2011, 04:59. Reason: add config

  • #2
    Re: ASA 5505 port forward

    Reported for moving to teh Cisco forum where this question will be best answered.

    Comment

    Working...
    X