Hi There,
If someone could help me that would be great. I have a Cisco ASA 5505 that I'm trying to configure to allow any Internet IP Address to come through port 3206 and get to a workstation on the Internal network on the same port.
I've changed my Outside IP in the following information for security's sake. Also, I've typically been using the Cisco ASDM utility to perform the configuration as I'm not familiar with many of the command line commands (but feel free to help me via command line instructions if that's what you know).
My setup is like this:
Outside IP = 1.2.3.4
Inside IP = 192.168.0.254
I'm using PAT for my address translation as my client only has one Internet IP address.
We need to initiate a connection from the Internet to port 3206 at IP 192.168.0.206. I've created a static NAT rule as follows:
Real Address:
  Interface: inside
  IP Address: 192.168.0.206
  Netmask: 255.255.255.255
Static Translation:
  Interface: outside
  IP Address: 1.2.3.4
Enable Port Address Translation (PAT):
  Protocol: tcp
  Original Port: 3206
  Translated Port: 3206
I think this NAT rule is configured OK (please confirm) and I'm pretty sure that I'm just running into problems with my Access Rules in the Security Policy area.
I've tried creating all kinds of incoming rules on the Outside Interface (have also tried quite a few on the inside interface) but nothing seems to work and I can never make a connection from an external Internet IP Address.
Would it be possible for one of you gurus to give me a detailed description on what security rules I need to create to get this to work? And/or let me know what's wrong with my NAT rule? It seems like no matter what rules I create it just won't work. In part of my testing I've even created incoming rules that permit any source address to any destination address and have applied this to both the IP protocol as well as to tcp port 3206. That still didn't work and I still couldn't get in.
I'm also going to need to map external port 25 to go to 192.168.0.30, but I haven't even tried working on that yet as the mail server is not online yet and so therefore I can't test it very well. But I assume that if I can figure out the forwarding of port 3206 then forwarding port 25 should be a snap.
If someone can give me some instructions on what I need to do to get this working then I'll take you out for some beers (if you live in Vancouver or the surrounding areas) and I'd be eternally thankful.
Let me know if you need more information regarding the setup, etc. This is the first time I've been trying to set up a Cisco device and so I'm not 100% sure what type of information you'll need.
Thanks,
Rich