Help with ASA 5505 Port Forwarding
thehourman
Member Posts: 723
Hello guys,I have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.My network topology is this:(internet)
(ASA 5505)
(3550)
(CM32 Access Server)
(Cisco Rack)This is how I setup my remote access:
(ASA 5505)
(3550)
(CM32 Access Server)
(Cisco Rack)This is how I setup my remote access:
ssh 0.0.0.0 0.0.0.0 outside
[COLOR=#333333][FONT=arial]![/FONT][/COLOR][COLOR=#333333][FONT=arial]object network CM32[/FONT][/COLOR][COLOR=#333333][FONT=arial]host 10.1.18.13[/FONT][/COLOR][COLOR=#333333][FONT=arial]object service CM32PF[/FONT][/COLOR][COLOR=#333333][FONT=arial]service tcp source eq [/FONT][/COLOR][COLOR=#333333][FONT=arial]nat (inside,outside) source static CM32 interface service CM32PF CM32PF[/FONT][/COLOR]I can't connect to my CM32 access server at all. On my SecureCRT, I get 'Broken pipe'. I am not sure if I am configuring this correctly. I have 15 ports that need to be forwarded to my CM32 access server.I can establish SSH connection to my ASA, but not to my CM32.Any help would be appreciated.Thanks
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
Comments
-
instant000 Member Posts: 1,745I haven't configured an ASA in quite some time now, and am not who you'd want configuring it, since I stopped working with it around the time places transitioned from 8.2 to 8.3/8.4.
Even with that said, I can prescribe a couple articles, that should set you up so that you can figure out this on your own, or at the least, generate output you could share with others, so we could then assist you in resolving the issue. That is, concepts last, while the specifics of configuration can change with a new code release ...)
The easiest way to check if you've misconfigured this:
Do a CLI packet-trace, to see where it fails in the process.
If that proves unfruitful, then you can do packet captures on the ingress and egress interfaces of the firewall, to see what is happening.
Please try these two articles:
https://supportforums.cisco.com/docs/DOC-5796
Troubleshoot Connections through the PIX and ASA - Cisco SystemsCurrently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!) -
thehourman Member Posts: 723Thanks for the quick reply.
I think I found a solution to my problem. I configured a IPSec remote access VPN. And I am able to access my Cisco rack now. I think this is the better option because I can now access my IP PDU which only supports telnet.Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold