Skip to main content

Port config on ASA 5505

More
15 years 3 months ago #30629 by Five
Port config on ASA 5505 was created by Five
Hi !

Im pretty new on this so please be patient with me.

I used to have a D-Link router/firewall but it broke so i got an ASA 5505. I have a 30Mb cable internet connection. The ASA gets the external ip-address from via DHCP from the ISP. My internal network is 192.168.1.0/24.

I have a game server 192.168.1.10 that is hosting a game on tcp-port 29003. On my D-link i just opened that port and pointed it at the server but now im totally lost.

Can someone please tell me how to open up that port so that gamers will be able to access it from the internet ?

I can add that i have tried reading the howtos at Cisco.com but that only made me more confused :oops:

All help will be gladly accepted.

Thank you !
More
15 years 3 months ago #30632 by sys-halt
Replied by sys-halt on topic Re: Port config on ASA 5505
I have no previews experience with ASA 5505 and such scenario. I only faced port forwarding with static assigned IP address to ASA5505.

Here is what is required if it has a static fixed external IP to forward request to internal Bastion Host:

1. Create Access List
2. Create conduit
3. Assign Access List to the Outside Interface

example:
External IP address on Outside Interface: 172.16.1.1
Internal IP Address on DMZ/Inside Interface; 192.168.1.10

[code:1]
ASA>enable
ASA#configure terminal
ASA(config)#access-list 101 extended permit tcp any host 192.168.1.10 eq 29003
ASA(config)#static (inside,outside) 172.16.1.1 192.168.1.10 netmask 255.255.255.255
ASA(config)#access-group 101 in interface outside
[/code:1]

I hope I am not wrong with my example, long time for such configuration, but I hope this might be helpful to you in some way or to give you some insight.

good luck
More
15 years 3 months ago #30642 by Five
Replied by Five on topic Re: Port config on ASA 5505
sys-halt:
I will try you config and get back. Thank you very much. :D

edit:
I got some problem with the "static-thing" since the external address can change.

Here is a description of what i want to do:

File Attachment:
More
15 years 1 month ago #31367 by faisal4u2
Replied by faisal4u2 on topic Re: Port config on ASA 5505
You need to purchase static ip address there is no other way
More
15 years 1 month ago #31445 by devmonkey
Replied by devmonkey on topic Re: Port config on ASA 5505
... or just use the "interface" tag when referring to the external IP address. This will pull the active IP address from the named interface (eg, inside or outside depending on your rules).

[code:1]ASA>enable
ASA#configure terminal
ASA(config)#access-list 101 extended permit tcp any host 192.168.1.10 eq 29003
ASA(config)#static (inside,outside) tcp interface 29003 192.168.1.10 29003 netmask 255.255.255.255
ASA(config)#access-group 101 in interface outside
[/code:1][/code]
Time to create page: 0.138 seconds