
Help with port forwarding on Cisco ASA5505


viperman

IS-IT--Management
Nov 12, 2002
Hello,

I have the task of getting port forwarding working on this Cisco router (ASA5505, 256 MB RAM, CPU Geode 500 MHz, Internal ATA Compact Flash, 128MB). I am a Cisco novice. What I'm trying to do is have ports 3389 and 25 forwarded from the WAN side (69.88.205.110) to the LAN server (192.168.20.1).

Here's the config:

ASA Version 7.2(2)
!
hostname xxxxxxxx
domain-name acso-oh.us
enable password xxxxxxxxxxxxrQ.l encrypted
names
!
interface Vlan1
 description Ethernet LAN
 nameif inside
 security-level 100
 ip address 192.168.20.254 255.255.255.0
!
interface Vlan2
 description WAN connection
 nameif outside
 security-level 0
 ip address 69.88.205.110 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxxxx encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name acso-oh.us
access-list nonat extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list headend extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any unreachable
access-list outside extended permit tcp any host 69.88.205.110 eq smtp
access-list outside extended permit tcp any host 69.88.205.110 eq 3389
access-list outside extended permit tcp any host 69.88.205.110 eq 4125
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 69.88.205.110 smtp 192.168.20.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 69.88.205.110 3389 192.168.20.1 3389 netmask 255.255.255.255
static (inside,outside) tcp 69.88.205.110 4125 192.168.20.1 4125 netmask 255.255.255.255
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 69.88.205.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password xxxxxxxxxxx encrypted privilege 15
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 match address headend
crypto map mymap 10 set peer 65.40.137.100
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group 65.40.137.100 type ipsec-l2l
tunnel-group 65.40.137.100 ipsec-attributes
 pre-shared-key *
telnet 192.168.20.0 255.255.255.0 inside
telnet timeout 5
ssh 12.37.114.0 255.255.255.0 outside
ssh 69.68.43.130 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd dns 192.168.1.3 12.127.17.71
dhcpd wins 192.168.1.3
dhcpd domain acso-oh.us
dhcpd auto_config outside
!
dhcpd address 192.168.20.50-192.168.20.80 inside
dhcpd enable inside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:767e004a4cebd81be7fd697ddaab2df7
: end


I didn't do this and it obviously doesn't work, but like I said, I'm not a Cisco guy. Any help would be greatly appreciated.
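On a pre-8.3 ASA such as this 7.2(2) box, a port forward is three pieces that must agree: the static PAT, an access-list entry on the outside interface that permits the mapped (public) address and port, and the access-group that binds that ACL inbound. The script below, an added example and not code from the thread, checks those three against the port-forwarding lines of the posted config (reduced to the relevant lines and embedded as a constructed sample) and also flags services that are permitted from any source. The service-name table and the list of ports worth a second look are assumptions of the example, not something the ASA exports.

```python
"""Lint the static / access-list / access-group trio of an ASA 7.x-8.2 config.
Added example: not the poster's code.  Pre-8.3 semantics are assumed, i.e. the
outside ACL references the MAPPED address (on 8.3+ it would be the real one)."""

# Constructed sample: only the port-forwarding lines from the posted config.
SAMPLE_CONFIG = """\
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit tcp any host 69.88.205.110 eq smtp
access-list outside extended permit tcp any host 69.88.205.110 eq 3389
access-list outside extended permit tcp any host 69.88.205.110 eq 4125
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 69.88.205.110 smtp 192.168.20.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 69.88.205.110 3389 192.168.20.1 3389 netmask 255.255.255.255
static (inside,outside) tcp 69.88.205.110 4125 192.168.20.1 4125 netmask 255.255.255.255
access-group outside in interface outside
"""

# Service names the ASA prints instead of numbers (assumed subset).
SERVICE_PORTS = {"smtp": 25, "www": 80, "https": 443, "ssh": 22, "telnet": 23, "domain": 53}
# Services that deserve a second look when reachable from 'any' (assumed list).
RISKY = {3389: "RDP", 23: "Telnet", 445: "SMB", 1433: "MSSQL"}


def port_number(token):
    """Normalise 'smtp' / '3389' to an int so statics and ACLs compare equal."""
    return SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token)


def _addr(tokens, i):
    """Consume one ACL address spec at tokens[i]; return (text, next index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    return f"{tokens[i]}/{tokens[i + 1]}", i + 2  # network + mask


def parse_acl_entry(line):
    """access-list NAME extended permit PROTO SRC DST [eq PORT] -> dict, else None."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2:4] != ["extended", "permit"]:
        return None
    if t[4] not in ("tcp", "udp"):
        return None  # icmp / ip entries cannot open a port-forward
    src, i = _addr(t, 5)
    dst, i = _addr(t, i)
    port = port_number(t[i + 1]) if i + 1 < len(t) and t[i] == "eq" else None
    return {"name": t[1], "proto": t[4], "src": src, "dst": dst, "port": port}


def parse_static(line):
    """static (REAL_IF,MAPPED_IF) PROTO MAPPED_IP MAPPED_PORT REAL_IP REAL_PORT ..."""
    t = line.split()
    if len(t) < 7 or t[0] != "static" or t[2] not in ("tcp", "udp"):
        return None  # one-to-one statics without a protocol are not PAT; skipped
    real_if, mapped_if = t[1].strip("()").split(",")
    return {"real_if": real_if, "mapped_if": mapped_if, "proto": t[2],
            "mapped_ip": t[3], "mapped_port": port_number(t[4]),
            "real_ip": t[5], "real_port": port_number(t[6])}


def check_port_forwards(config_text):
    """One finding per static PAT: ACL status on the mapped interface and exposure."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    statics = [s for s in map(parse_static, lines) if s]
    acl_entries = [a for a in map(parse_acl_entry, lines) if a]
    bound = {}  # interface -> ACL name applied inbound via access-group
    for ln in lines:
        t = ln.split()
        if len(t) >= 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
    findings = []
    for s in statics:
        acl_name = bound.get(s["mapped_if"])
        matches = [a for a in acl_entries
                   if a["name"] == acl_name and a["proto"] == s["proto"]
                   and a["dst"] in ("any", s["mapped_ip"])
                   and a["port"] in (None, s["mapped_port"])]
        if acl_name is None:
            status, exposure = "NO ACL BOUND", None
        elif not matches:
            status, exposure = "NO ACL ENTRY", None
        else:
            status = "permitted"
            exposure = ("any" if any(a["src"] == "any" for a in matches)
                        else ",".join(sorted(a["src"] for a in matches)))
        note = (f"{RISKY[s['mapped_port']]} reachable from any source"
                if exposure == "any" and s["mapped_port"] in RISKY else "")
        findings.append({"proto": s["proto"], "mapped_port": s["mapped_port"],
                         "real": f"{s['real_ip']}:{s['real_port']}",
                         "status": status, "exposure": exposure, "note": note})
    return findings


if __name__ == "__main__":
    for f in check_port_forwards(SAMPLE_CONFIG):
        print(f"{f['proto']}/{f['mapped_port']:<5} -> {f['real']:<18} "
              f"{f['status']:<13} from {f['exposure']}  {f['note']}")
```

Run against the posted lines, all three statics come back as permitted from any source, so the forwarding rules themselves are consistent; the check is most useful after edits, when an ACL line or the access-group binding is dropped and a forward silently stops working.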
 
Hi Viperman,
Your configuration is OK and it must work. The problem is on the 192.168.20.1 machine; check the default gateway and firewall. Maybe try to connect from another computer in your 192.168.20.0 LAN to these services (25, 3389).
Regards,
Mac Foxx
 
I'll check when I'm on-site, but I'm almost sure those services work internally. How do I enable logging (and which logging) to see from an SSH session if the connection is going through or not? Thanks.

J.
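The thread ends without an answer, so as an added note (mine, not any poster's): with `logging enable` and `logging buffered informational` set, `show logging` on the ASA lists the connection messages, and `logging monitor informational` plus `terminal monitor` echo them to an SSH session. The relevant lines for a port forward are `%ASA-6-302013` (Built inbound connection, which means NAT and the ACL both passed) and `%ASA-4-106023` (Deny by access-group). The script below, an added example rather than code from the thread, parses constructed log lines in those formats and summarises per destination port whether inbound connections were built or denied; the IPs, connection ids and byte counts in the sample are invented.

```python
"""Summarise ASA syslog lines by forwarded port: built vs denied inbound.
Added example; the log lines are constructed to match the 302013 / 106023
message formats and are not real output from the poster's firewall."""
import re
from collections import defaultdict

BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for (\w+):([\d.]+)/(\d+) \([\d.]+/\d+\) to (\w+):([\d.]+)/(\d+) \(([\d.]+)/(\d+)\)")
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (tcp|udp) src (\w+):([\d.]+)/(\d+) dst (\w+):([\d.]+)/(\d+) "
    r'by access-group "([^"]+)"')

# Constructed sample lines (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '%ASA-6-302013: Built inbound TCP connection 1041 for outside:203.0.113.5/51234 '
    '(203.0.113.5/51234) to inside:192.168.20.1/3389 (69.88.205.110/3389)',
    '%ASA-6-302014: Teardown TCP connection 1041 for outside:203.0.113.5/51234 '
    'to inside:192.168.20.1/3389 duration 0:00:02 bytes 1523 TCP FINs',
    '%ASA-4-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:192.168.20.1/445 '
    'by access-group "outside" [0x0, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 1042 for outside:198.51.100.9/40001 '
    '(198.51.100.9/40001) to inside:192.168.20.1/25 (69.88.205.110/25)',
    '%ASA-6-302013: Built outbound TCP connection 1043 for outside:198.51.100.20/80 '
    '(198.51.100.20/80) to inside:192.168.20.55/50022 (69.88.205.110/1025)',
]


def summarize_inbound(lines, outside_if="outside"):
    """Map (proto, public port) -> built/denied counts and the source IPs seen.
    Only connections arriving on the outside interface are counted; outbound
    builds and teardown messages are ignored."""
    stats = defaultdict(lambda: {"built": 0, "denied": 0, "sources": set()})
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            direction, proto, src_if, src_ip, _, _, _, _, _, mapped_port = m.groups()
            if direction == "inbound" and src_if == outside_if:
                key = (proto.lower(), int(mapped_port))  # keyed on the public port
                stats[key]["built"] += 1
                stats[key]["sources"].add(src_ip)
            continue
        m = DENY_RE.search(line)
        if m:
            proto, src_if, src_ip, _, _, _, dst_port, _acl = m.groups()
            if src_if == outside_if:
                key = (proto, int(dst_port))
                stats[key]["denied"] += 1
                stats[key]["sources"].add(src_ip)
    return dict(stats)


def report(stats):
    """Render the summary as one line per port, denied-only ports flagged."""
    out = []
    for (proto, port), s in sorted(stats.items()):
        flag = "  <- blocked by ACL" if s["built"] == 0 and s["denied"] else ""
        out.append(f"{proto}/{port}: built={s['built']} denied={s['denied']} "
                   f"sources={','.join(sorted(s['sources']))}{flag}")
    return out


if __name__ == "__main__":
    print("\n".join(report(summarize_inbound(SAMPLE_LOG))))
```

If a port shows neither a build nor a deny while a client is trying, the packet is not reaching the outside interface at all (upstream filtering or a wrong public address); a deny points at the ACL; a build with an immediate teardown and few bytes usually means the firewall is fine and the inside host is refusing or not routing the reply, which is the second poster's diagnosis.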
 