Cisco ASA, Allowing an external IP through to specific device on network on certain ports.
Posted on 2014-03-12
Just having a sense check here.
I am allowing an external company through our firewall for remote access to a device on our internal network on certain ports. I am locking down the access to only their external IP.
I have created the following network objects:
Device_Ext (Public IP for the company to use for access)
Device_Int (Internal LAN IP of the destination device)
Device_TCP (Service group)
object-group service Device_TCP tcp
 port-object eq 5222
 port-object eq 5269
 port-object eq 8444
access-list Outside_access_in extended permit tcp object External_Company_IP object Device_Int object-group Device_TCP
Question: do I have to NAT the Device_Ext through to the Device_Int?
I'm not sure if I need both the access list and NAT.
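
How the access list and a static NAT fit together for the setup described in the post, as an added example that is not part of the original post: the NAT rule maps the public address to the internal device, and the access list limits who can reach it and on which ports. It assumes ASA 8.3 or later (where the ACL matches the real internal address, as the posted ACL already does), interfaces named inside and outside, and a device that has only a private address; all IP addresses are documentation placeholders.

```cisco
! Added example. Addresses are placeholders; interface names
! "inside" and "outside" are assumed.
object network External_Company_IP
 host 198.51.100.10
object network Device_Ext
 host 203.0.113.20
object network Device_Int
 host 192.168.10.50
 ! One-to-one static NAT: Device_Ext on outside maps to Device_Int
 nat (inside,outside) static Device_Ext
!
object-group service Device_TCP tcp
 port-object eq 5222
 port-object eq 5269
 port-object eq 8444
!
! The ACL references the real (internal) address, not the public one.
! Only the vendor's source IP and the three TCP ports are permitted;
! everything else hits the implicit deny at the end of the ACL.
access-list Outside_access_in extended permit tcp object External_Company_IP object Device_Int object-group Device_TCP
access-group Outside_access_in in interface outside
!
! Verification: simulate a vendor connection to the public address,
! then check the translation and the ACL hit counters.
packet-tracer input outside tcp 198.51.100.10 40000 203.0.113.20 5222
show nat detail
show access-list Outside_access_in
```

The static NAT translates every port on Device_Ext, so the access list is what keeps the exposure down to the three ports and the single source address.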