  • Status: Solved

Command line in Cisco ASA

Hello, I have a problem with a Cisco ASA 5505 with this software version:
asdm version 6.3(1)
asa version 8.3(1)

Now in "tool --> command line interface" I have sent this command:
#static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255

The command is sent successfully, then I "save running configuration to flash", but in the running configuration (and also in the startup configuration) this nat command isn't there!
It is very strange!
Thanks.

-
 Salvatore.
Asked by: sasapix
 
Jan Springer Commented:
What do you see if you send the command (no quotes) "copy run start" instead of the GUI option?
 
Ernie Beek (Expert) Commented:
As per version 8.3 NAT and statics have changed, I think that is the issue.

Have a look at: http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp83968 for the new commands.
 
Istvan Kalmar (Head of IT Security Division) Commented:
Hi,

There is a new command for static on 8.3.1:

So you need:
object network obj-192.168.1.1
 host 192.168.1.1
access-list inbound extended permit tcp any object obj-192.168.1.1 eq www
object network obj-192.168.1.1
 nat (inside,outside) static interface service tcp www www

For more information:
http://www.petenetlive.com/KB/Article/0000247.htm
 
sasapix (Author) Commented:
So in:

nat (inside,outside) static interface service tcp www www

the destination host isn't indicated?
Thanks.

-
 Salvatore.
 
sasapix (Author) Commented:
When run:
with the first and second commands all is OK, but I have a problem with the command:

host 192.168.1.1

Result of the command: "host 192.168.1.1"
host 192.168.1.1
^
ERROR: % Invalid input detected at '^' marker.

Is the syntax incorrect?
Thanks.

-
 Salvatore.
 
Istvan Kalmar (Head of IT Security Division) Commented:
network-object host 192.168.1.1
 
MikeKane Commented:
>>Result of the command: "host 192.168.1.1"
>>host 192.168.1.1
>>^
>>ERROR: % Invalid input detected at '^' marker.

This is because the host command MUST follow the
object network obj-192.168.1.1

 
sasapix (Author) Commented:
Sorry, but I do not understand how I can run the command! :-(


network-object host 192.168.1.1 host 192.168.1.1

??
Thanks.

-
 Salvatore.
 
MikeKane Commented:
It's 2 separate lines.

object network obj-192.168.1.1
 host 192.168.1.1

You are creating the object called "obj-192.168.1.1", then you are defining what's in it with " host 192.168.1.1"

 
sasapix (Author) Commented:
I am able to enter the requested commands, but in the log when I try to access I have this:

4      Feb 21 2011      01:40:35      106023      ip_external 49881
192.168.1.1      80      Deny tcp src outside:ip_external/49881 dst
inside:192.168.1.1/80 by access-group "outside_access_in" [0x0, 0x0]

but in the Cisco configuration I have:

access-list outside_access_in extended permit object 80 any object obj-192.168.1.1

Must I insert another access-list?
Thanks.

-
 Salvatore.
 
MikeKane Commented:
192.168.1.1 is the inside IP that you Port Forward WWW from the outside interface IP. When traffic comes into the ASA, you should allow it to hit the "Outside interface", not the NAT'd internal interface. That is the issue.

Change the outside_access_in to allow port 80 to the "outside interface IP"
 
sasapix (Author) Commented:
I have added:

access-list outside_access_in extended permit tcp any object obj-192.168.1.1 object-group www

and now it is OK!
Thanks.

-
 Salvatore.
Question has a verified solution.
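
The 106023 deny quoted in the thread is the state where the NAT rule is in place but the interface ACL has no matching permit for 192.168.1.1 port 80. As an added example (not written by any participant in the thread), this Python sketch parses such lines and counts denies that hit a host and port published by static NAT; the `%ASA-4-106023:` prefix, the sample lines and the `PUBLISHED` set are constructed assumptions.

```python
import re
from collections import Counter

# Matches the description part of ASA message 106023 as quoted in the thread.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<src_if>[\w-]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[\w-]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Assumption: services published with static NAT, keyed by the inside address
# that appears as "dst" in the log line from the thread.
PUBLISHED = {("tcp", "192.168.1.1", 80)}

def parse_deny(line):
    """Return the fields of a 106023 deny line as a dict, or None if no match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def blocked_published(lines, published=PUBLISHED):
    """Count denies whose destination is a published service, per ACL name."""
    hits = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec and (rec["proto"], rec["dst_ip"], rec["dst_port"]) in published:
            hits[(rec["acl"], rec["dst_ip"], rec["dst_port"])] += 1
    return hits

# Constructed sample lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    '%ASA-4-106023: Deny tcp src outside:203.0.113.10/49881 dst inside:192.168.1.1/80 by access-group "outside_access_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny tcp src outside:203.0.113.10/49882 dst inside:192.168.1.1/80 by access-group "outside_access_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny tcp src outside:203.0.113.77/51000 dst inside:192.168.1.1/23 by access-group "outside_access_in" [0x0, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 12 for outside:203.0.113.10/49900 (203.0.113.10/49900) to inside:192.168.1.1/80 (198.51.100.2/80)',
]

if __name__ == "__main__":
    for (acl, ip, port), n in blocked_published(SAMPLE).items():
        print(f"{n} denies to published {ip}:{port} by ACL {acl}: check its permit entry")
```

Denies to ports that are not published (the port 23 line in the sample) are left out of the count, so the output lists only services that NAT exposes but the ACL still blocks.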
