Ask the Cisco Kid! Your one stop for all the networking help you need.

3 Dec 09

Port Forwarding ASA 5505 (Static NAT)

This is for those of you searching the Internet for a good or simple example of how port forwarding is done on a Cisco ASA 5505 firewall.

This post contains a working example of a port forwarding configuration on a Cisco ASA 5505 that allows RDP, TCP port 3389, through the firewall from the Internet to a server on the LAN side. For users new to the ASA, configuring a port forwarding rule on a Cisco ASA 5505 is easier once you have seen the configuration of a working ASA 5505.

Below is a GUI shot of a working RDP (Terminal Server) port forward configuration running on a Cisco ASA 5500 series firewall. TCP port 3389 is forwarded from the outside interface, which is part of VLAN2, to the inside interface, which is part of VLAN1.

!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute

Using the example below, just swap out the IP addresses shown in the static NAT translation for port forwarding RDP (Terminal Server) with your own, and you have a connection from the Internet to the LAN.

If you prefer the command line, three lines are all it takes to do a simple port forward for RDP on the Cisco ASA.

Here they are:

access-list outside_access_in extended permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside

Obviously, if you use the lines shown in the example above, change the 192.168.1.10 IP address to the address of the computer or server you're forwarding the RDP (Terminal Server) port to. You can use this example for Terminal Server RDP or for any other forwarding requirement you may have, such as FTP, HTTP, SMTP, etc.
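A defender's check on the three-line configuration above, as an added example that is not code from the original post: it parses `access-list`, `static` and `access-group` lines in the syntax used above and reports which sources each port forward accepts. The 3390 and 8443 forwards, the 203.0.113.0 source network and the function name are constructed for illustration.

```python
import re

# Constructed sample: the post's three lines plus two hypothetical forwards
# (3390 limited to one source network, 8443 with no matching ACL entry).
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp 203.0.113.0 255.255.255.0 interface outside eq 3390
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 8443 192.168.1.30 443 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""
# Ports are compared exactly as written in the config (assumption: no port names).
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) interface (\S+) eq (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\S+) "
                       r"(\S+) (\S+) netmask \S+$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def audit_port_forwards(config):
    """Return one finding per static PAT entry: who may reach it from outside."""
    acls, statics, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.append(m.groups())
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)      # interface -> inbound ACL name
    findings = []
    for _real_if, mapped_if, proto, pub_port, host, host_port in statics:
        sources = [src for name, p, src, iface, port in acls
                   if name == bound.get(mapped_if) and p == proto
                   and iface == mapped_if and port == pub_port]
        if not sources:
            status = "no-acl"        # translated, but nothing permits it inbound
        elif "any" in sources:
            status = "open-to-any"   # reachable from every Internet address
        else:
            status = "restricted"    # only the listed sources are permitted
        findings.append({"port": pub_port, "target": f"{host}:{host_port}",
                         "sources": sources, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit_port_forwards(SAMPLE_CONFIG):
        print(f"{f['port']} -> {f['target']}: {f['status']} {f['sources']}")
```

The RDP forward from the post is reported as `open-to-any` because its ACL entry uses `any` as the source.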

24 Jul 09

Basic Router Setup

 

Thank you for your question. For a basic setup to get you going and to get all 5 of your computers online, you will need DHCP and NAT. The nice thing is you will only need to configure the router. I have created from your email what I think is the network you currently have.

[Network diagram: CiscoKidNetwork-Ross]

 

So to configure the router we have to do a couple of things.

  1. Set up the port on the router for DHCP from the modem
  2. Set up the DHCP server on the router
  3. Set up NAT

To get started, console in to the router and get into config mode.

Router> en
Router# Conf T
Router(config)#

 

Then let’s run some commands.

hostname YourNameHere

ip dhcp pool Pool1
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 dns-server 4.2.2.1 4.2.2.2

 

You now have a DHCP Server running on your router. Time to configure the ports.

interface fa0/0
 description External connection to Modem
 ip address dhcp
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto

interface fa0/1
 description internal
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto

 

So your ports are now configured.  As long as your Modem is providing a DHCP address to the router you should be good to go.  There are still a few more things we will have to do to get this up and running.

 

ip classless
ip route 0.0.0.0 0.0.0.0 fa0/0
! access-list 7 selects the inside hosts that the NAT rule below translates
access-list 7 permit 192.168.100.0 0.0.0.255
ip nat inside source list 7 interface fa0/0 overload

 That’s it. You should be good to go.
