hoggiee
asked on
Cisco ASA: Services terminating at interface are disabled.
When I tried to enter the following Static command onto my Cisco ASA 5510 firewall, I get the following messages:
static (inside,outside) interface 192.168.18.18 netmask 255.255.255.255 0 0
WARNING: static redirecting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.
I could perform the static command with my PIX515E firewall without any warnings, and the static translation worked ok. But with ASA, the translation would not work. Is this because by default, the translation to interface is disabled in ASA? Please help. Thank you.
static (inside,outside) interface 192.168.18.18 netmask 255.255.255.255 0 0
WARNING: static redirecting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.
I could perform the static command with my PIX515E firewall without any warnings, and the static translation worked ok. But with ASA, the translation would not work. Is this because by default, the translation to interface is disabled in ASA? Please help. Thank you.
please let us see your full config
ASKER
My fw config is very very long and due to security reason, I can't post it here. I just want to find out if services terminating at an interface have been disabled on ASA, and if there is anyway to enable it. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am only given 1 single fixed public IP by my ISP. I actually tried the PAT static translation as what you told but I still cannot cannot to my internal server from outside. I attach here my fw config. This is the config of a PIX firewall, instead of ASA. Since my initial attempts failed with ASA, I am trying my luck with my PIX firewall now. Please help. Thanks.
fwconf.txt
fwconf.txt
pretty much if it works with your pix i don't see any reason not to work with the asa. so your problem was you can't access (rdp) an internal server 192.168.18.18 from outside. i noticed from your configuration that 192.168.18.18 is actually the inside ip address from the pix and the windows server was 192.168.218.222. so i suppose you changed the addressing and now your server have 192.168.18.18. than you need on the asa only these commands:
access-list outside permit tcp any interface outside eq 3389
access-group outside in int outside
static (inside,outside) tcp interface 3389 192.168.18.18 3389 netmask 255.255.255.255
actually on second read i can't find route to your 192.168.218.0 network. it wasn't directly connected to your firewall, was it. you should have had route to this network on your pix to make it reachable.
access-list outside permit tcp any interface outside eq 3389
access-group outside in int outside
static (inside,outside) tcp interface 3389 192.168.18.18 3389 netmask 255.255.255.255
actually on second read i can't find route to your 192.168.218.0 network. it wasn't directly connected to your firewall, was it. you should have had route to this network on your pix to make it reachable.
ASKER
egyptco:
Thanks for helping. The IP for the internal server is actually 192.168.18.19 (i forgot to update it). I have exactly the commands as told by on pix/asa, but still i cannot RDP to the internal server. I tried other port e.g. www and FTP, all failed. Any ideas?
Thanks for helping. The IP for the internal server is actually 192.168.18.19 (i forgot to update it). I have exactly the commands as told by on pix/asa, but still i cannot RDP to the internal server. I tried other port e.g. www and FTP, all failed. Any ideas?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.