Link to home
Start Free TrialLog in
Avatar of odewulf
odewulfFlag for United States of America

asked on

Open RPC port on a ASA 5505

I am used to configure cisco PIX 501, but one of our customers bought a ASA 5505. The commands are quite similar so I thought that it won't be an issue configuring it.
Unfortunately I can access the internet or RPC from the server, but I can't access the server from the outside. I tried RPC or even port 25 is not responsive.
I am not sure if there is an extra line I need to add for the ASA 5505. I even checked the APDM, and there it shows that the links are down on the outside and inside interface, even if there is some internet traffic. If I check the rules there every thing seems to be fine. Could some one have a look at my configuration and tell me if I am missing something? x.x.x.x is the server address on the outside interface and y.y.y.y is the gateway
thanks
!
ASA Version 7.2(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.150.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list acl_out extended permit icmp any any echo-reply
access-list acl_out extended permit tcp any host x.x.x.x eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
tatic (inside,outside) tcp x.x.x.x 3389 192.168.150.5 3389 netmask 255.25
5.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.150.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.150.10-192.168.150.41 inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:36c76ca5be5e7261eb0913fdbc800e2b

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of odewulf

ASKER

Thanks I am going to try that this afternoon.
I was trying to open a few more ports that just RDP, but for the example RDP was enough. I will do the same for the other port and let you how it goes
thanks again
Avatar of odewulf

ASKER

Thanks again it worked perfectly now. The only issue I still have left is that now the users can't connect using the windows VPN. It is trying to connect but then I get the error 800. I am going to check for that