Announcement

Collapse
No announcement yet.

ASA 5505 configuation help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ASA 5505 configuation help

    Hello, I need to update the configuration of an ASA 5505 running version 7.2(4)
    Currently we have three external IP addresses pointing to three internal servers as static routes (actual IP's have been changed):

    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 1.2.3.33 192.168.1.11 netmask 255.255.255.255
    static (inside,outside) 1.2.3.34 192.168.1.12 netmask 255.255.255.255
    static (inside,outside) 1.2.3.35 192.168.1.13 netmask 255.255.255.255

    I need to be able to use each of those external IP addresses with port 3390 to connect to a different IP than what is in the static route, ie:

    Outside 1.2.3.33:3390 connects to Inside 192.168.1.101:3389
    Outside 1.2.3.34:3390 connects to Inside 192.168.1.102:3389
    Outside 1.2.3.35:3390 connects to Inside 192.168.1.103:3389

    I can easily add the access-list, but I have a feeling the static routes are causing my issues.

    access-list acl_out extended permit tcp any host 1.2.3.33 eq 3390
    access-list acl_out extended permit tcp any host 1.2.3.34 eq 3390
    access-list acl_out extended permit tcp any host 1.2.3.35 eq 3390

    Please advise!

    Thanks in advance,

    Todd
    Last edited by telrick; 29th December 2011, 17:32.

  • #2
    Re: ASA 5505 configuation help

    static (inside,outside) tcp 1.2.3.33 3390 192.168.1.11 3389 netmask 255.255.255.255
    static (inside,outside) tcp 1.2.3.34 3390 192.168.1.12 3389 netmask 255.255.255.255
    static (inside,outside) tcp 1.2.3.35 3390 192.168.1.13 3389 netmask 255.255.255.255

    clear xlate


    These arent routes they are static nat statements btw
    Last edited by auglan; 29th December 2011, 18:02.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: ASA 5505 configuation help

      Thanks Auglan,

      I had to remove the static nat's that were there and add in nat's for the specific ports we needed redirected, but that was it.
      Now that I've seen it, it's starting to make more sense!

      Thanks for the help!

      Todd

      Comment


      • #4
        Re: ASA 5505 configuation help

        Sorry I should have posted to remove the old static nats before adding the updated ones.

        Glad you got it sorted out.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment

        Working...
        X