xxnoel

Enable RADMIN through the ASA 5505 Firewall

I want to enable Radmin through the ASA 5505 firewall so that I can access my LAN through the internet. I tried using an access-list by letting the traffic pass through port 4899 (Radmin's default TCP port), but still no go.

How do I go about this?

Thanks.
batry_boy

Did you set up a static translation for the inside host(s) that you want to allow the RADMIN traffic to?  You'll need to do this as well as defining an ACL to allow the traffic.  For example, if you wanted to allow RADMIN traffic to inside host 192.168.1.20 and you wanted to use port forwarding on the outside interface IP of the firewall to get to that internal host via RADMIN, then here is how to do it:

static (inside,outside) tcp interface 4899 192.168.1.20 4899 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq 4899
access-group outside_access_in in interface outside

Then, you would be able to reference the outside IP address of the firewall in your RADMIN client on the outside to get to the inside host 192.168.1.20.
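
The answer above needs three things to agree: the static port forward, an ACL permit for the same port, and an access-group that applies that ACL to the outside interface. The Python check below is an added example, not part of the original thread; the sample configs are constructed from the commands in the answer and the function name check_forwards is hypothetical. It also reports when the permit uses source any, since that leaves the remote-administration port open to every outside address.

```python
import re

# Constructed sample, modelled on the three commands in the answer above (ASA 7.x syntax).
GOOD = """\
static (inside,outside) tcp interface 4899 192.168.1.20 4899 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq 4899
access-group outside_access_in in interface outside
"""
# Constructed failure case: same forward, but the ACL is never applied to the interface.
UNBOUND = GOOD.replace("access-group", "! access-group")

STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) "
                 r"(any|host \S+|\S+ \S+) interface (\w+) eq (\d+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")


def check_forwards(config):
    """Return [(port, finding)] for every interface port forward in the config."""
    statics, acls, bound = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.append(m.groups())
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> inbound ACL name
    findings = []
    for _real_if, mapped_if, proto, port, _host, _host_port in statics:
        # Permits for this protocol/port on the interface the forward is mapped to.
        permits = [a for a in acls if (a[1], a[3], a[4]) == (proto, mapped_if, port)]
        live = [a for a in permits if bound.get(mapped_if) == a[0]]
        if not permits:
            finding = "no ACL permit for forwarded port"
        elif not live:
            finding = "ACL exists but is not bound to " + mapped_if
        elif any(a[2] == "any" for a in live):
            finding = "consistent; permits any source"
        else:
            finding = "consistent; source restricted"
        findings.append((int(port), finding))
    return findings


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("UNBOUND", UNBOUND)):
        print(name, check_forwards(cfg))
```

A "consistent" result only means the translation and the ACL agree with each other; it says nothing about routing or about the inside host itself.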
xxnoel

ASKER

I actually looked up this question and implemented what you suggested but still no go.

Below is my config. Please keep in mind that this is an initial configuration behind another firewall, so a lot of the security features are still not configured.

Here's my config:

ASA Version 7.2
!
hostname irix
domain-name irix.com
enable password xxxxxxxxxxxxxxxxxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.15 255.255.255.0
!
interface Vlan11
 nameif outside
 security-level 0
 ip address 172.16.15.122 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 11
!
interface Ethernet0/2
 switchport access vlan 2
!
passwd xxxxxxxxxxxxx encrypted
!
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 domain-name irix.com
dns server-group MyDNS
 name-server 172.16.14.14
 domain-name sephora.com
access-list inside_access_in extended permit ip any any
access-list RADMIN_outside_access_in extended permit tcp any interface outside eq 4899
!
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 4899 192.168.1.100 4899 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group RADMIN_outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.16.14.14 1
!
username XXX password XXXXX encrypted
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 172.16.14.14 172.16.14.12
dhcpd auto_config outside
!
dhcpd address 192.168.1.100-192.168.1.110 inside
dhcpd enable inside
!

Thanks-
ASKER CERTIFIED SOLUTION
batry_boy

xxnoel

ASKER

Hey thanks!