TOPIC: ASA 5505 DMZ and passthrough ports

ASA 5505 DMZ and passthrough ports 9 years 3 weeks ago #23935

  • Selket
I recently inherited a network with an ASA 5505 in a remote office. I have a server there that needs to be placed into a DMZ on that ASA (Plus Security License already applied). I also need to allow specific port traffic to pass through.

I have created an Object-group:

Object-group service SERVER tcp
description TCP Passthrough Ports
Port-object range XXXX-XXXX
Port-object range xxxx-xxxx
Port-object range eq xxxxx


and an access list outside_access_in:

access-list outside_access_in extended permit tcp any host (outside IP) object-group SERVER


and applied this access list to the outside interface:

access-group outside_access_in in interface outside


Is this correct? And how do I associate the DMZ Server with this?

Thank you much,

S

Re: ASA 5505 DMZ and passthrough ports 9 years 3 weeks ago #23939

  • skepticals
Have you configured the DMZ interface on the ASA?

Re: ASA 5505 DMZ and passthrough ports 9 years 3 weeks ago #23942

  • sp1k3tou
Just like skepticals said, you will need to configure a port on that ASA as a DMZ port. Also, you will need to assign your access list to whatever you named the DMZ interface.

Post a show run so we can see your full configuration along with a show ver so we can see if that port is active after the security license has been applied.
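For reference, one way the pieces discussed so far (DMZ interface, port object-group, outside ACL) fit together on a 5505. This is an added example, not a configuration posted by anyone in the thread. It assumes ASA software earlier than 8.3, and every address, VLAN number, switch port and port number in it is a constructed placeholder.

```cisco
! Added example. Assumption: ASA software earlier than 8.3.
! Constructed values: VLAN 3, Ethernet0/2, 192.168.50.0/24 (DMZ),
! 192.168.50.10 (server), 203.0.113.10 (outside IP), ports 8000-8010 and 443.
!
! 1. DMZ VLAN interface. With security-level 50 and no ACL applied to dmz,
!    the server cannot open connections toward a security-level 100 inside
!    interface, which is the isolation a DMZ is meant to give.
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! 2. The 5505 has a built-in switch: put the physical port the server
!    plugs into in the DMZ VLAN.
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! 3. Passthrough ports. "range" takes a start and an end port separated
!    by a space; a single port uses "eq" on its own.
object-group service SERVER tcp
 description TCP Passthrough Ports
 port-object range 8000 8010
 port-object eq 443
!
! 4. Static NAT is what associates the DMZ server with the outside IP.
!    Order is (real_if,mapped_if) mapped_ip real_ip.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
!
! 5. Inbound ACL on the outside interface. Before 8.3 the ACL matches the
!    mapped (outside) address; from 8.3 on, "static" is replaced by object
!    NAT and the ACL must reference the server's real DMZ address instead.
access-list outside_access_in extended permit tcp any host 203.0.113.10 object-group SERVER
access-group outside_access_in in interface outside
!
! 6. Check the result from the CLI without sending real traffic
!    (198.51.100.7 is a constructed source address):
!      packet-tracer input outside tcp 198.51.100.7 12345 203.0.113.10 443
!      packet-tracer input outside tcp 198.51.100.7 12345 203.0.113.10 22
!    The first should end in "Action: allow", the second in "Action: drop".
```

The second packet-tracer run is the useful one: it confirms that a port outside the object-group is dropped, so the ACL is not wider than intended.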

Re: ASA 5505 DMZ and passthrough ports 9 years 1 week ago #24105

  • Elohim
An analysis of the services being offered by that server will determine what port needs to be opened. You can't just open ports without knowing what services are offered. If that's the case, just open for everything.