Faust Romero
asked on
Configuration ASA port redirection.
I have been trying to configure Port-redirection on my ASA firewall for ports 80 and 21 to a computer in the inside network.
Outside Network X.X.X.X/24
Inside Network 192.168.100.0/24
#1) All firewalls are disabled on InternalPC and IIS is installed with the FTP server. I can reach the server internally via HTTP and FTP.
#2) The ASA is configured with all base config, so all computers reach the internet from ASA DHCP using PAT. Outside is configured with security level 0, inside is configured with security level 100. All works fine. ASA version 9.1.
#3) I am trying to configure port redirection but I am still getting access denied when connecting from outside. Below is the additional configuration I placed on the ASA.
Is there anything else I need besides the commands below? Please advise.
Object network PC_Web
Host 192.168.100.10
Nat (inside,outside) static interface service tcp www www
Nat (inside,outside) static interface service tcp ftp ftp
access-list outside_access line 1 extended permit tcp any object PC_Web eq www
access-list outside_access line 2 extended permit tcp any object PC_Web eq ftp
access-group outside_access in interface outside
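An added example, not part of the original thread and not the asker's or an answerer's configuration: an ASA network object carries only one object-NAT rule, so publishing two ports of the same inside host takes one object per port. The object names `PC_Web_HTTP` and `PC_Web_FTP`, the test source address 203.0.113.10 and the `<outside-interface-ip>` placeholder are assumptions; the sketch also assumes the `PC_Web` lines above are not present.

```cisco
! Added example. Object names are hypothetical.
! One network object per published port, both pointing at the same inside host.
object network PC_Web_HTTP
 host 192.168.100.10
 nat (inside,outside) static interface service tcp www www
!
object network PC_Web_FTP
 host 192.168.100.10
 nat (inside,outside) static interface service tcp ftp ftp
!
! On ASA 8.3 and later the outside ACL matches the real (inside) address,
! so the permit lines reference the objects rather than the outside IP.
access-list outside_access extended permit tcp any object PC_Web_HTTP eq www
access-list outside_access extended permit tcp any object PC_Web_FTP eq ftp
access-group outside_access in interface outside
!
! Checks (run from privileged EXEC):
! both static port translations should be listed
show running-config nat
show nat detail
show xlate
! hit counters show whether outside traffic reaches the permit lines
show access-list outside_access
! simulate an inbound connection; 203.0.113.10 is a constructed test source,
! <outside-interface-ip> is a placeholder for the ASA's outside address
packet-tracer input outside tcp 203.0.113.10 12345 <outside-interface-ip> 80
packet-tracer input outside tcp 203.0.113.10 12345 <outside-interface-ip> 21
```

In the `packet-tracer` output, the UN-NAT phase should show the destination rewritten to 192.168.100.10 and the ACCESS-LIST phase should show a permit from `outside_access`; a drop in either phase points at the rule to revisit.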
That looks good. What is your firewall log showing? Also, what is your xlate table showing?
Hi,
Try this command and check:
ASA(config)#access-group outside_access in interface inside
ASKER
Thanks Peter Long.