Rashad Mehmood
asked on
how to open port for inbound traffic on ASA 5505 (8.2)
I want to allow a port on ASA 5505 (8.2) from outside.
I created this ACL for this.
access-list outside_access_in extended permit tcp any interface outside eq 10200 log
access-group outside_access_in in interface outside
But it doesn't work.
Please help.
Thanks
You need to specify which address internally is receiving that traffic.
I'm not sure about 8.2... but this is how you do this currently (I can go back and look at some of my old configs if this doesn't work and give you the correct syntax):
Create a network object for the private server address:
object network Private.Server
host 192.168.1.1
Create a network object for the public server address:
object network Public.Server
host 1.2.3.4
Add the entry to your ACL:
access-list Inbound.Traffic extended permit tcp any object Private.Server eq 10200 log
Create a static mapping:
object network Private.Server
nat (inside,outside) static Public.Server
Apply the access list to your interface:
access-group Inbound.Traffic in interface outside
I'll go look and see if that's the case for 8.2. I don't think it is... I think 8.3 was the big version upgrade that changed everything.
ASKER
Thanks Joseph for the reply.
Where can I specify the internal address receiving this address?
internet------------->[90.81.41.9]ASA[192.168.0.1]----------------[192.168.0.11] Local machine.
My internal address is 192.168.1.10/24.
Where do I have to specify this address?
Would be grateful for a reply.
For your particular configuration:
access-list MainACL extended permit tcp any host 90.81.41.9 eq 10200 log
static (inside,outside) 90.81.41.9 192.168.0.11 netmask 255.255.255.255
access-group MainACL in interface outside
In the future, it's highly recommended you don't publish information specific to your network.
Give this a shot and let me know how it goes.
ASKER
I do care of this.. these are not real IPs.
I applied the configuration, but upon configuring line 3, I get the following error.
static (inside,outside) 90.81.41.9 192.168.0.11 netmask 255.255.255.255
ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
ASKER
Thanks, I got the solution.
I used the following command for NAT and it worked for me.
static (inside,outside) tcp interface 1020 192.168.0.11 10200 netmask 255.255.255.255
Really appreciate your help.
My pleasure... sorry I missed the syntax on that command. It's been years and years since I looked at 8.2. :)
Gave the information needed for author to find solution.
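
Added example, not part of the original thread: a small Python check that pairs inbound `access-list ... interface outside eq <port>` permits with `static (inside,outside) tcp interface ...` port translations in an 8.2-style config, so a permit with no translation behind it (the situation in the original question) or a translation with no permit shows up before deployment. The function name `audit_inbound` and the sample configs are constructed for illustration; it assumes pre-8.3 behaviour, where the interface ACL is matched against the mapped (public) address and port, and it parses only the two command forms used in this thread.

```python
import re

# Only the two 8.2 command forms that appear in this thread are parsed.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+(tcp|udp)\s+any\s+"
    r"interface\s+(\S+)\s+eq\s+(\d+)")
STATIC_RE = re.compile(
    r"^static\s+\((\S+?),(\S+?)\)\s+(tcp|udp)\s+interface\s+(\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit_inbound(config):
    """Return a list of findings for inbound port-forwards (pre-8.3 syntax)."""
    permits, statics, bound = set(), {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.add((m[1], m[3], m[2], int(m[4])))  # acl, iface, proto, port
        elif m := STATIC_RE.match(line):
            # (mapped iface, proto, mapped port) -> (real ip, real port)
            statics[(m[2], m[3], int(m[4]))] = (m[5], int(m[6]))
        elif m := GROUP_RE.match(line):
            bound.add((m[1], m[2]))
    findings = []
    for acl, iface, proto, port in sorted(permits):
        if (acl, iface) not in bound:
            findings.append(f"{acl}: not applied inbound on {iface}")
        if (iface, proto, port) not in statics:
            findings.append(
                f"{acl}: permit {proto}/{port} on {iface} has no static PAT")
    # Permits only count once their ACL is bound to the interface.
    allowed = {(i, p, n) for a, i, p, n in permits if (a, i) in bound}
    for (iface, proto, port), (ip, rport) in sorted(statics.items()):
        if (iface, proto, port) not in allowed:
            findings.append(
                f"static {proto}/{port} -> {ip}:{rport} on {iface} has no ACL permit")
    return findings


# Constructed sample configs (addresses and port reuse the thread's examples).
ACL_ONLY = """
access-list outside_access_in extended permit tcp any interface outside eq 10200 log
access-group outside_access_in in interface outside
"""
WITH_PAT = ACL_ONLY + (
    "static (inside,outside) tcp interface 10200 192.168.0.11 10200 "
    "netmask 255.255.255.255\n")

if __name__ == "__main__":
    for name, cfg in (("ACL only", ACL_ONLY), ("ACL + static PAT", WITH_PAT)):
        print(name, "->", audit_inbound(cfg) or "consistent")
```
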