Problem allowing an inside server to be accessible from outside on port 2006 and port 2010 on an ASA 5505

Posted on 2014-11-07
Last Modified: 2014-11-15
Hi expert, I have a problem with my ASA 5505, version 9.2(1). I want to allow an inside server to be accessible from outside on ports 2006 and 2010. I have tested on port 80 and everything works, but not on ports 2006 and 2010. Do you have an idea?

This is the config of my ASA 5505 (512 MB):

: Saved
:
: Serial Number: JMX1237Z21P
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(1)
!
hostname test
domain-name test.net
enable password FDJEnenejedjd encrypted
passwd FDJEnenejedj encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 77.36.2.226 255.255.255.248
!
ftp mode passive
clock timezone PMST -3
clock summer-time PMDT recurring 2 Sun Mar 2:00 1 Sun Nov 3:00
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 77.36.0.5
 name-server 77.36.0.6
 domain-name cheznoo.net
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object service syd2006
 service tcp destination eq 2006
object service syd2010
 service tcp destination eq 2010
object network serveur_interne
 host 192.168.1.5
access-list outside_access extended permit tcp any4 object serveur_interne eq 2006
access-list outside_access extended permit tcp any4 object serveur_interne eq 2010
access-list outside_access extended permit tcp any4 object serveur_interne eq 80
pager lines 24
logging buffered debugging
logging trap errors
logging asdm informational
logging host outside 77.36.0.10
logging host outside 77.36.0.68
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj-192.168.1.0
 nat (inside,outside) dynamic interface
object network serveur_interne
 nat (inside,outside) static 77.36.2.228
access-group outside_access in interface outside
route outside 0.0.0.0 0.0.0.0 77.36.2.225 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 77.36.0.65 255.255.255.255 outside
snmp-server host outside 77.36.0.69 community *****
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 77.36.0.65 255.255.255.255 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd dns 77.36.0.5 77.36.0.6 interface inside
dhcpd domain test.net interface inside
dhcpd enable inside
!
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 199.212.17.34 source outside prefer
username admin password sghfghfghhfghfg encrypted privilege 15
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:sdfgdfgsdfgsdfgsdfgsdfgsdfgsdfg
: end


Thanks and Regards
Rudy
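The checks a practitioner would run on the ASA itself before concluding that the box is at fault, added here as an example; these commands are not part of the original thread. They use the addresses from the posted config (public 77.36.2.228, real 192.168.1.5) and a placeholder outside source 203.0.113.10. Since ASA 8.3 the interface access list is evaluated against the real (untranslated) inside address, which the posted `outside_access` list already does via `object serveur_interne`, so the ACL phase is expected to pass; the point of the trace is to find the first phase that drops, and to tell an ASA drop apart from a server that is simply not answering.

```cisco
! Added example, not from the original post. 203.0.113.10/40000 is a
! placeholder outside client; everything else comes from the posted config.
!
! 1. Trace a synthetic outside->inside SYN through the full path
!    (route lookup, access-list, NAT, inspection). Every phase must show
!    ALLOW and the last line must read "Action: allow"; the first phase
!    marked DROP names the reason. Trace the broken ports and the working
!    one so the outputs can be compared line by line.
packet-tracer input outside tcp 203.0.113.10 40000 77.36.2.228 2006 detailed
packet-tracer input outside tcp 203.0.113.10 40000 77.36.2.228 2010 detailed
packet-tracer input outside tcp 203.0.113.10 40000 77.36.2.228 80 detailed
!
! 2. Confirm the static object NAT for the server is installed and that
!    a translation for the public address exists.
show nat detail
show xlate global 77.36.2.228
!
! 3. Confirm the three ACL lines are compiled and that the hit counters
!    for 2006/2010 increase when a client connects from outside.
show access-list outside_access
show running-config access-group
!
! 4. Capture on both sides of the firewall for one of the failing ports,
!    then try the connection from outside once and inspect the result.
capture capout interface outside match tcp any host 77.36.2.228 eq 2006
capture capin  interface inside  match tcp any host 192.168.1.5 eq 2006
show capture capout
show capture capin
show conn address 192.168.1.5 port 2006
no capture capin
no capture capout
!
! 5. Drop counters attributable to this flow (compare before and after
!    the connection attempt).
show asp drop
```

Reading the results: if packet-tracer reports allow for 2006 and the inside capture shows the SYN leaving the ASA with no SYN/ACK coming back, the firewall is forwarding correctly and the server (or a host firewall on it) is not listening on that port; if the outside capture shows the SYN but the inside capture does not, the ASA dropped it and the `show asp drop` counters identify why. Separately, the posted `outside_access` list permits `any4` as the source; keep that only if the services on 2006, 2010 and 80 really must be reachable from the whole Internet, otherwise restrict the source to the peers that need them.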
Question by:spmt
4 Comments
LVL 15

Expert Comment

by:max_the_king
ID: 40429592
Hi,
Your config seems OK ... but in the following statements you should put "any" in place of "any4":

access-list outside_access extended permit tcp any4 object serveur_interne eq 2006
access-list outside_access extended permit tcp any4 object serveur_interne eq 2010
access-list outside_access extended permit tcp any4 object serveur_interne eq 80

max

Author Comment

by:spmt
ID: 40432473
Hi max, I tried this but the problem is the same. I can reach the server from the inside network on all ports (80, 2006, 2010), but from the outside network I can only reach the inside server on port 80. Any idea? Thanks and Regards

Accepted Solution

by:spmt (earned 0 total points)
ID: 40433086
Hi, I tried on another ASA 5505 and it works with the same config.

Author Closing Comment

by:spmt
ID: 40444249
bug