Solved

Open RPC port on a ASA 5505

Posted on 2008-06-12
5
3,001 Views
Last Modified: 2010-05-05
I am used to configure cisco PIX 501, but one of our customers bought a ASA 5505. The commands are quite similar so I thought that it won't be an issue configuring it.
Unfortunately I can access the internet or RPC from the server, but I can't access the server from the outside. I tried RPC or even port 25 is not responsive.
I am not sure if there is an extra line I need to add for the ASA 5505. I even checked the APDM, and there it shows that the links are down on the outside and inside interface, even if there is some internet traffic. If I check the rules there every thing seems to be fine. Could some one have a look at my configuration and tell me if I am missing something? x.x.x.x is the server address on the outside interface and y.y.y.y is the gateway
thanks
!
ASA Version 7.2(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.150.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list acl_out extended permit icmp any any echo-reply
access-list acl_out extended permit tcp any host x.x.x.x eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
tatic (inside,outside) tcp x.x.x.x 3389 192.168.150.5 3389 netmask 255.25
5.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.150.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.150.10-192.168.150.41 inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:36c76ca5be5e7261eb0913fdbc800e2b

Open in new window

0
Comment
Question by:odewulf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 21778653
What port are you trying to contact the server on?
Looking at the config you have 3389 RDP? is that what you are trying to do?

do this

conf t
no access-list acl_out extended permit tcp any host x.x.x.x eq 3389
no access-list acl_out extended permit icmp any any echo-reply
no access-group acl_out in interface outside
access-list inbound permit tcp any interface outside eq 3389
access-group inbound in interface outside
static (inside,outside) tcp interface 3389 x.x.x.x 3389 netmask 255.255.255.255
write mem

OK now we will sort out icmp.............

policy-map global_policy
class inspection_default
inspect icmp
exit
exit
write mem
clear xlate


now try again :)





0
 

Author Comment

by:odewulf
ID: 21779832
Thanks I am going to try that this afternoon.
I was trying to open a few more ports that just RDP, but for the example RDP was enough. I will do the same for the other port and let you how it goes
thanks again
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 21780364
0
 

Author Comment

by:odewulf
ID: 21888283
Thanks again it worked perfectly now. The only issue I still have left is that now the users can't connect using the windows VPN. It is trying to connect but then I get the error 800. I am going to check for that
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 32644361
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question