Question

Locked

ASA 5505 NAT configuration

By Bowman ·
I am setting up a new ASA 5505 for static ip. I am trying to setup RDP to specific internal IP addresses runing NAT. I have tried 2 different configurations and I still cannot RDP into 192.168.0.18. Here is the cfg.

names
name 192.168.0.10 NT1 description Email Server
name 192.168.0.11 NT2 description Web Server
name 192.168.0.19 Bob-Bloom
name 192.168.0.21 Jason-Pate
name 192.168.0.18 Mike-Merk
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.4 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address XX.230.227.162 255.255.255.224
!
interface Vlan3
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 3
!
interface Ethernet0/7
switchport access vlan 3
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq www
port-object eq https
port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
port-object eq 3389
port-object eq ftp
port-object eq www
access-list outside_access_in extended permit tcp any host NT1 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any host NT2 object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any host Mike-Merk eq 3389
access-list outside_access_in extended permit tcp any host Jason-Pate eq 3389
access-list outside_access_in extended permit tcp any host Bob-Bloom eq 3389
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) XX.230.227.163 NT1 netmask 255.255.255.255
static (inside,outside) XX.230.227.164 NT2 netmask 255.255.255.255
static (inside,outside) XX.230.227.165 192.168.0.12 netmask 255.255.255.255
static (inside,outside) XX.230.227.166 192.168.0.13 netmask 255.255.255.255
static (inside,outside) XX.230.227.167 192.168.0.14 netmask 255.255.255.255
static (inside,outside) XX.230.227.168 192.168.0.15 netmask 255.255.255.255
static (inside,outside) XX.230.227.169 192.168.0.16 netmask 255.255.255.255
static (inside,outside) XX.230.227.170 192.168.0.17 netmask 255.255.255.255
static (inside,outside) XX.230.227.172 Bob-Bloom netmask 255.255.255.255
static (inside,outside) XX.230.227.173 192.168.0.20 netmask 255.255.255.255
static (inside,outside) XX.230.227.174 Jason-Pate netmask 255.255.255.255
static (inside,outside) XX.230.227.175 192.168.0.22 netmask 255.255.255.255
static (inside,outside) XX.230.227.176 192.168.0.23 netmask 255.255.255.255
static (inside,outside) XX.230.227.190 192.168.0.1 netmask 255.255.255.255
static (outside,inside) Mike-Merk XX.230.227.171 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.230.227.161 1

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

bad static for mike-merk

by SYNner In reply to ASA 5505 NAT configuratio ...

bad static definition for mike-merk (192.168.0.1.

Collapse -

RE: Bad Static

by NetMan1958 In reply to bad static for mike-merk

To expand on what SYNer said,
static (outside,inside) Mike-Merk XX.230.227.171 netmask 255.255.255.255 is backwards, it should be
static (inside,outside) XX.230.227.171 Mike-Merk netmask 255.255.255.255
Like the one above it:
static (inside,outside) XX.230.227.190 192.168.0.1 netmask 255.255.255.255

Back to Networks Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums