Daniel Booker
asked on
ASA5506 port forward problem
I have a 5506W ASA ver 9 and ASDM 7. The problem I am having is I just changed out from a Linksys router to this ASA. So it goes ISP modem > ASA (used to be Linksys) > switch > computers. I have port forwarded the same 10 TCP ports, but only 2 of them are not working: 3389 and another.
Previously I had tested this box at my office and had 3389 on a different IP, and when I actually set it up at the final location I changed the IP and it no longer works. I went so far as to remove the network object, NAT rule, and the access rule for it. I recreated it and it is still not working. I know previously, right before I changed the box out, I was able to RDP into the server. I even went and double-checked to make sure no one had changed the listening port on the server and that the Windows firewall had the port allowed. Checked remote settings and it is still on. What could I be missing at this point? I mean it was working hours before the change and the only thing that changed was this ASA box. GRC says it is closed and not stealth so something is slightly open?
What IP did you use?
Normally you change your NAT policy and access rule.
Did you change both of them?
ASKER
NetExpert Network Solutions Pte Ltd
Sorry, I'm really new to ASA so I am not sure exactly what you are asking for.
Benjamin Van Ditmars
I guess just to walk you through what I did...
Firewall > Objects > network objects/groups > add > network object > name: 3389, type: Host, IP Address: (LAN IP of my server), expanded NAT and checked "add automatic address translation rules", type: static, translate addr: outside > advanced > source interface: inside, destination interface: Outside, protocol: tcp, real port: 3389, mapped port: 3389 > ok > ok > apply > save > Access Rules > Add > interface: outside, source: any, destination: 3389 (object I had just created), service: ip > ok > apply > save.
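For reference, the ASDM steps described in the post above correspond roughly to the ASA CLI below. This is an added example, not configuration taken from the thread: the ACL name `outside_access_in`, the placeholders `<server-lan-ip>` and `<outside-ip>`, and the test source address 198.51.100.10 are assumptions. It also shows the access rule narrowed from service `ip` to TCP/3389, and the checks that report where a forwarded connection is dropped.

```cisco
! Added example. <server-lan-ip> and <outside-ip> are placeholders,
! outside_access_in is an assumed ACL name.
!
! Network object with object NAT: static PAT of TCP/3389 on the
! outside interface address to the server's LAN address.
object network 3389
 host <server-lan-ip>
 nat (inside,outside) static interface service tcp 3389 3389
!
! Access rule as described in the post (service "ip" to the object).
! On ASA 8.3 and later the ACL matches the real (LAN) address,
! not the mapped outside address.
access-list outside_access_in extended permit ip any object 3389
!
! Narrower form of the same rule: only TCP/3389 reaches the server.
access-list outside_access_in extended permit tcp any object 3389 eq 3389
access-group outside_access_in in interface outside
!
! Checks, run from privileged EXEC mode:
! translation rules and their hit counters
show nat detail
! ACL entries and their hit counters
show access-list outside_access_in
! simulate an inbound RDP connection from a constructed outside source
packet-tracer input outside tcp 198.51.100.10 50000 <outside-ip> 3389 detailed
```

The `packet-tracer` output lists each phase (UN-NAT, ACCESS-LIST, NAT and so on) with an ALLOW or DROP result, which shows whether the translation or the access rule is the one rejecting the packet.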
ASKER
Just in case, took screenshots of the Object/NAT and Access Rule.
access-rule.jpg
nat-rule.jpg
network-object.jpg
The above screenshots confirm that the config of port forwarding is right.
Still, do you see any issues?
If you have time, I can take a look at your ASA config and logs through TeamViewer (remote management application).
ASKER
Sure, but I only have access to the ASDM though right now.
Yes, ASDM access is enough to see the logs.
Let me know your TeamViewer ID and password.
ASKER
Do you use Skype or could I get your email?
You can send to my ID projects@netexpert.com.sg
ASKER
Okay, I just sent the TeamViewer info to your email.
Can you post your ASA config?