zander1
asked on
Cisco ASA, Allowing an external IP through to specific device on network on certain ports.
Hi,
Just having a sense check here.
I am allowing an external company through our firewall for remote access to a device on our internal network on certain ports. I am locking down the access to only their external IP.
I have created the following network objects:
Device_Ext (Public IP for the company to use for access)
Device_Int (Internal LAN IP of the destination device)
External_Company_IP
Device_TCP (Service group)
object-group service Device_TCP tcp
 port-object eq 5222
 port-object eq 5269
 port-object eq 8444
access-list Outside_access_in extended permit tcp object External_Company_IP object Device_Int object-group Device_TCP
Question: do I have to NAT the Device_Ext through to the Device_Int?
Not sure if I need both an access list and NAT.
Help appreciated.
Cheers