ASA 5505 DMZ and passthrough ports

16 years 10 months ago #23935 by Selket
I recently inherited a network with an ASA 5505 in a remote office. I have a server there that needs to be placed into a DMZ on that ASA (Plus Security License already applied). I also need to allow specific port traffic to pass through.

I have created an Object-group:

object-group service SERVER tcp
 description TCP Passthrough Ports
 port-object range XXXX XXXX
 port-object range xxxx xxxx
 port-object eq xxxxx


and an access list outside_access_in:

access-list outside_access_in extended permit tcp any host (outside IP) object-group SERVER


and applied this access list to the outside interface:

access-group outside_access_in in interface outside


Is this correct? And how do I associate the DMZ Server with this?

Thank you much,

S
16 years 10 months ago #23939 by skepticals
Have you configured the DMZ interface on the ASA?
16 years 10 months ago #23942 by sp1k3tou
Just like skepticals said you will need to configure a port on that ASA as a DMZ port. Also you will need to assign your access list to whatever you named the DMZ interface.

Post a show run so we can see your full configuration along with a show ver so we can see if that port is active after the security license has been applied.
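One way to wire the pieces together, as an added example and not configuration posted by anyone in this thread: a DMZ VLAN on the 5505, a static NAT that publishes the DMZ host on the outside address, and the object-group and ACL from the question applied on the outside interface. The addresses, VLAN number, port numbers and the pre-8.3 `static` NAT syntax are assumptions.

```cisco
! Added example (not from the thread). Assumes ASA software before 8.3,
! the Security Plus licence, and these constructed addresses:
!   outside address published for the server: 203.0.113.10
!   DMZ network 192.0.2.0/24, DMZ server 192.0.2.10
!
! 1. DMZ interface: a third VLAN on the 5505 (Security Plus lifts the
!    "no forward" restriction on the third VLAN) plus a switch port in it.
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet0/2
 switchport access vlan 3
!
! 2. Only the ports the server actually serves (constructed values).
object-group service SERVER tcp
 description TCP Passthrough Ports
 port-object range 8000 8010
 port-object eq 443
!
! 3. This is what ties the DMZ server to the outside address: a one-to-one
!    static NAT from the DMZ host to the public IP (pre-8.3 syntax).
static (dmz,outside) 203.0.113.10 192.0.2.10 netmask 255.255.255.255
!
! 4. Inbound ACL on the outside interface. Before 8.3 the ACL matches the
!    translated (outside) address, not the DMZ address.
access-list outside_access_in extended permit tcp any host 203.0.113.10 object-group SERVER
access-group outside_access_in in interface outside
```

On ASA 8.3 and later the equivalent is object NAT (`object network` with `nat (dmz,outside) static 203.0.113.10`) and the ACL then references the real DMZ address 192.0.2.10 instead. `show xlate` and `show access-list outside_access_in` confirm that the translation exists and that the permit entries accumulate hits.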
16 years 9 months ago #24105 by Elohim
An analysis of the services being offered by that server will determine what port needs to be opened. You can't just open ports without knowing what services are offered. If that's the case, just open for everything.