
CISCO ASA

For multiple reasons I can't use putty or hyper terminal to get this done. How do I go about configuring this from the ASDM 5.2 for ASA tool?

interface Vlan2
 nameif outside
 security-level 0
 ip address 99.99.99.99 255.255.255.192
access-list outside_access_in extended permit tcp any host 99.99.99.99 eq 3389
static (inside,outside)  99.99.99.95  10.0.0.95  netmask 255.255.255.255
static (inside,outside)  99.99.99.96  10.0.0.96  netmask 255.255.255.255
static (inside,outside)  99.99.99.97  10.0.0.97  netmask 255.255.255.255
Asked by: whocaresaboutit

GuruChiu Commented:
These are just examples for you. Please use your own real IP addresses.
Also, you probably need to add additional access-list statements to open traffic for 99.99.99.95 - 97, depending on what you want to open.

The easiest way to configure is to paste those statements into the ASA while you ssh to it. When you try to putty, what do you get?

whocaresaboutit (Author) Commented:
I changed the real IP so as not to reveal internal information.

I can't get access via console or ssh. I want to send a user information on how to do it via ASDM.

Istvan Kalmar Commented:
Could you show us the whole config?

whocaresaboutit (Author) Commented:
I thought it would be clear that I'm trying to open the RDP port to the public IP assigned to my WAN interface. Then I want to add rules to map additional public IPs to internal IPs, so that users can RDP to computers behind the ASA.

Istvan Kalmar Commented:
You need the following:

access-list outside_access_in extended permit tcp any host 99.99.99.97 eq 3389
access-list outside_access_in extended permit tcp any host 99.99.99.96 eq 3389
access-list outside_access_in extended permit tcp any host 99.99.99.95 eq 3389

GuruChiu Commented:
It is probably easier to walk you through how to enable ssh on the public interface instead of trying to walk an end user through using ASDM to configure all these things. Once you have ssh enabled on the public interface, you can connect to it remotely.

whocaresaboutit (Author) Commented:
ikalmar

Missing nat rule from public IP to local IP... right?

periferral Commented:
whocaresaboutit.

It is unclear what you want to do. Do you want to access the ASA from the outside using ASDM/Telnet?

If so, you need
http server enable
http 0 0 outside  (<- this is a security hole since you are allowing everyone on the outside access to ASDM)
You would still need the enable password to get access, though.

As for RDP,
you don't need this
access-list outside_access_in extended permit tcp any host 99.99.99.99 eq 3389
since 99.99.99.99 is the IP address of the ASA.

Instead you need this

access-list outside_access_in extended permit tcp any host 99.99.99.97 eq 3389
access-list outside_access_in extended permit tcp any host 99.99.99.96 eq 3389
access-list outside_access_in extended permit tcp any host 99.99.99.95 eq 3389
static (inside,outside)  99.99.99.95  10.0.0.95  netmask 255.255.255.255
static (inside,outside)  99.99.99.96  10.0.0.96  netmask 255.255.255.255
static (inside,outside)  99.99.99.97  10.0.0.97  netmask 255.255.255.255

This will give machines ending with 95, 96 and 97 access to RDP. You still need the statics you have listed.
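
An added example, not part of the thread or of any poster's configuration: a small offline check that cross-references the lines discussed above, flagging a permit aimed at the ASA's own interface address, a static with no matching permit, and `http 0 0 <interface>`. It assumes the pre-8.3 `static (inside,outside)` host syntax used in the thread; the finding names and the sample config are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax, using the placeholder addresses from the thread.
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address 99.99.99.99 255.255.255.192
http server enable
http 0 0 outside
access-list outside_access_in extended permit tcp any host 99.99.99.99 eq 3389
access-list outside_access_in extended permit tcp any host 99.99.99.95 eq 3389
static (inside,outside) 99.99.99.95 10.0.0.95 netmask 255.255.255.255
static (inside,outside) 99.99.99.96 10.0.0.96 netmask 255.255.255.255
static (inside,outside) 99.99.99.97 10.0.0.97 netmask 255.255.255.255
"""

IFACE_IP = re.compile(r"^\s*ip address (\S+) \S+")
STATIC = re.compile(r"^static \(inside,outside\)\s+(\S+)\s+(\S+)\s+netmask 255\.255\.255\.255")
PERMIT = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")
HTTP_ANY = re.compile(r"^http (0|0\.0\.0\.0) (0|0\.0\.0\.0) (\S+)")

def audit(config):
    """Return a list of (kind, detail) findings for the config text."""
    iface_ips, statics, permits, findings = set(), {}, [], []
    for line in config.splitlines():
        if m := IFACE_IP.match(line):
            iface_ips.add(m.group(1))
        elif m := STATIC.match(line):
            statics[m.group(1)] = m.group(2)      # mapped (public) -> real (inside)
        elif m := PERMIT.match(line):
            permits.append((m.group(2), m.group(3)))
        elif m := HTTP_ANY.match(line):
            findings.append(("asdm-open-to-any", m.group(3)))
    permitted = {ip for ip, _ in permits}
    for ip, port in permits:
        if ip in iface_ips:
            findings.append(("permit-to-interface-ip", f"{ip}:{port}"))
        elif ip not in statics:
            findings.append(("permit-without-static", f"{ip}:{port}"))
    for mapped, real in statics.items():
        if mapped not in permitted:
            findings.append(("static-without-permit", f"{mapped}->{real}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(f"{kind:24} {detail}")
```

Run against a saved copy of the running configuration, an empty result means every static has a permit and no permit targets the interface address; it does not check which ports are opened or who may reach them.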


