Solved

Problem allowing an inside server to be accessible from outside on port 2006 and port 2010 on ASA 5505

Posted on 2014-11-07
Last Modified: 2014-11-15
Hi experts, I have a problem with my ASA 5505 version 9.2(1). I want to allow an inside server to be accessible from outside on ports 2006 and 2010. I have tested on port 80 and all works, but not on ports 2006 and 2010. Do you have an idea?

This is the config of my ASA 5505 (512 MB):

: Saved
:
: Serial Number: JMX1237Z21P
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(1)
!
hostname test
domain-name test.net
enable password FDJEnenejedjd encrypted
passwd FDJEnenejedj encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 77.36.2.226 255.255.255.248
!
ftp mode passive
clock timezone PMST -3
clock summer-time PMDT recurring 2 Sun Mar 2:00 1 Sun Nov 3:00
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 77.36.0.5
 name-server 77.36.0.6
 domain-name cheznoo.net
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object service syd2006
 service tcp destination eq 2006
object service syd2010
 service tcp destination eq 2010
object network serveur_interne
 host 192.168.1.5
access-list outside_access extended permit tcp any4 object serveur_interne eq 2006
access-list outside_access extended permit tcp any4 object serveur_interne eq 2010
access-list outside_access extended permit tcp any4 object serveur_interne eq 80
pager lines 24
logging buffered debugging
logging trap errors
logging asdm informational
logging host outside 77.36.0.10
logging host outside 77.36.0.68
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj-192.168.1.0
 nat (inside,outside) dynamic interface
object network serveur_interne
 nat (inside,outside) static 77.36.2.228
access-group outside_access in interface outside
route outside 0.0.0.0 0.0.0.0 77.36.2.225 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 77.36.0.65 255.255.255.255 outside
snmp-server host outside 77.36.0.69 community *****
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 77.36.0.65 255.255.255.255 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd dns 77.36.0.5 77.36.0.6 interface inside
dhcpd domain test.net interface inside
dhcpd enable inside
!
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 199.212.17.34 source outside prefer
username admin password sghfghfghhfghfg encrypted privilege 15
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:sdfgdfgsdfgsdfgsdfgsdfgsdfgsdfg
: end


Thanks and regards
Rudy
Question by:spmt
Expert Comment

by:max_the_king
ID: 40429592
Hi,
Your config seems OK ... but in the following statements you should put "any" in place of "any4":

access-list outside_access extended permit tcp any4 object serveur_interne eq 2006
access-list outside_access extended permit tcp any4 object serveur_interne eq 2010
access-list outside_access extended permit tcp any4 object serveur_interne eq 80

max

Author Comment

by:spmt
ID: 40432473
Hi Max, I tried this but the problem is the same. I can reach the server from the inside network on all ports (80, 2006, 2010), but from the outside network I can only reach the inside server on port 80. Any idea? Thanks and regards

Accepted Solution

by: spmt
ID: 40433086
Hi, I tried on another ASA 5505 and it works with the same config.

Author Closing Comment

by:spmt
ID: 40444249
bug
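
Added example, not part of the original thread: a small Python audit that lists which TCP services the posted configuration exposes on the outside interface, by joining each inbound ACL entry (which on this ASA version references the server's real address) with the object's host address and static NAT. The function name and regular expressions are this example's own, and it only understands the statement forms that appear in the posted config.

```python
import re

# Constructed sample: the relevant lines of the configuration posted above.
CONFIG = """\
object network serveur_interne
 host 192.168.1.5
access-list outside_access extended permit tcp any4 object serveur_interne eq 2006
access-list outside_access extended permit tcp any4 object serveur_interne eq 2010
access-list outside_access extended permit tcp any4 object serveur_interne eq 80
object network obj-192.168.1.0
 nat (inside,outside) dynamic interface
object network serveur_interne
 nat (inside,outside) static 77.36.2.228
access-group outside_access in interface outside
"""

ACL_RE = re.compile(r"access-list (\S+) extended permit tcp (\S+) object (\S+) eq (\d+)$")
NAT_RE = re.compile(r"nat \((\S+),(\S+)\) static (\S+)$")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)$")

def exposed_services(config, interface="outside"):
    """Return sorted (mapped_ip, port, real_ip) tuples reachable from `interface`."""
    hosts, static_nat, acl, bound = {}, {}, [], set()
    current = None  # name of the object block being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line ends the previous object block
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.startswith("host "):
            hosts[current] = line.split()[1]
        elif current and (m := NAT_RE.match(line)) and m.group(2) == interface:
            static_nat[current] = m.group(3)
        elif m := ACL_RE.match(line):
            acl.append((m.group(1), m.group(3), int(m.group(4))))
        elif (m := GROUP_RE.match(line)) and m.group(2) == interface:
            bound.add(m.group(1))
    found = set()
    for name, obj, port in acl:
        # Exposed only if the ACL is bound inbound and the object has a host and a static NAT.
        if name in bound and obj in hosts and obj in static_nat:
            found.add((static_nat[obj], port, hosts[obj]))
    return sorted(found, key=lambda e: (e[0], e[1]))

if __name__ == "__main__":
    for mapped, port, real in exposed_services(CONFIG):
        print(f"{mapped}:{port}/tcp -> {real}:{port}")
```

All three ports resolve to the same mapped address through the same ACL and NAT statements, so the posted lines treat 80, 2006 and 2010 identically.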