ASA 5505 how to create a port forwarding rule

ASA 5505 IOS ver 9.2.3
I need to create a firewall rule that will allow internal services to be accessed externally, but using port forwarding. For example, I'd like to enable access to our NAS via FTP externally on port 1545 and then have the ASA forward the request to the NAS internally on port 21.
I tried these commands but they didn't work:
object network NAS
host 192.168.2.8
nat (inside,outside) static interface service tcp 21 1545
access-list NASFTP-in permit tcp any object NAS eq 1545
conf t
int vlan 2
access-group NASFTP-in permit tcp any object NAS eq 1545
I really appreciate the help everyone.

Try this, it worked for me. Here is an example of adding a web server with an IP of 10.10.50.60, naming it with an object named www-server, and forwarding port 80. The way it works is you need to do three things: you need to "nat it", "forward it", and allow it in "acl".
object network obj-10.10.50.60-1
 host 10.10.50.60
 nat (inside,outside) static interface service tcp 80 80
object network INSIDE
 nat (inside,outside) dynamic interface
object network WWW-SERVER
 nat (inside,outside) static interface service tcp 80 80
access-list Outside_access_in extended permit tcp any object WWW-SERVER eq 80
access-group Outside_access_in in interface Outside
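
The asker's case (outside TCP 1545 to the NAS at 192.168.2.8 on TCP 21) written out in object NAT form, as an added example that is not from either post. It assumes the interfaces are named `inside` and `outside`; the ACL name `OUTSIDE-IN` is hypothetical, 203.0.113.10 is a constructed test source, and `<outside-ip>` is a placeholder for the ASA's outside interface address.

```cisco
! Constructed example for ASA 9.x object NAT (not from the original thread).
! Assumed: nameif "inside" / "outside"; ACL name OUTSIDE-IN is hypothetical.

! 1. NAT and forward. In "service tcp <real-port> <mapped-port>" the real
!    (inside) port comes first, so outside TCP 1545 is translated to the
!    NAS on TCP 21.
object network NAS
 host 192.168.2.8
 nat (inside,outside) static interface service tcp 21 1545

! 2. ACL. From 8.3 onward an interface ACL is matched against the real
!    (untranslated) address and port, so the entry permits port 21 on the
!    NAS object, not the mapped port 1545.
access-list OUTSIDE-IN extended permit tcp any object NAS eq 21

!    Tighter alternative: permit only a known remote network instead of
!    "any" (203.0.113.0/24 is a constructed documentation range).
! access-list OUTSIDE-IN extended permit tcp 203.0.113.0 255.255.255.0 object NAS eq 21

! 3. Bind the ACL inbound on the outside interface. access-group is a
!    global configuration command that takes an ACL name, a direction and
!    an interface; it is not entered under "int vlan 2" and it does not
!    take a permit statement.
!    Only one ACL can be bound per interface and direction. If one is
!    already applied to outside, add the permit entry to that ACL instead.
access-group OUTSIDE-IN in interface outside

! 4. Check the result: confirm the translation and the ACL entry exist,
!    then simulate an inbound connection to the mapped port.
show nat detail
show access-list OUTSIDE-IN
packet-tracer input outside tcp 203.0.113.10 40000 <outside-ip> 1545
```

In the packet-tracer output, the UN-NAT phase should show the destination rewritten to 192.168.2.8/21 and the final result should be "allow"; a drop in the ACCESS-LIST phase points at step 2 or 3.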

Similar Messages

  • How to set up port forwarding on extreme with NAS

    I've purchased a NAS (Synology DS211j with 2 caviar HD) over a month ago. Setting up the NAS for wireless connection locally was easy. I've been trying for 3 weeks on how to set up port forwarding on my airport extreme base. I've researched and read countless threads on port forwarding and still cannot grasp the concept and the step by step provided. I need somebody that's patient enough to hand hold and guide me through this frustrating problem.
    Equipment:
    Comcast cable modem connected into Airport Extreme Base
    Synology DS211j connected to Airport Extreme Base
    Problem:
    Cannot connect to my DiskStation via internet from wherever
    confused whether to use FTP or Personal file sharing or whatever is the most suitable for my needs
    Just need to access files on my DiskStation view/upload/download from wherever I'm at, whether on PC or Macbook Pro
    Thanks in advance!
    Marcus

    Here are the basic steps to configure your NAS for port mapping:
    AEBSn - Port Mapping Setup
    To set up port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN ports of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the host device.
    AirPort Utility > Select the AEBSn > Manual Setup > Internet > DHCP tab
    On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    Description: <enter the desired description of the host device>
    Reserve address by: MAC Address
    Click Continue.
    MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    IPv4 Address: <enter the desired IP address>
    Click Done.
    2. Set up Port Mapping on the AEBSn.
    AirPort Utility > Select the AEBSn > Manual Setup > Advanced > Port Mapping tab
    Click the "+" (Add) button
    Service: <choose the appropriate service from the Service pop-up menu>
    Public UDP Port(s): <enter the appropriate UDP port values>
    Public TCP Port(s): <enter the appropriate TCP port values>
    Private IP Address: <enter the IP address of the host server>
    Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
    Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
    Click "Continue"
    (ref: "Well Known" TCP and UDP ports used by Apple software products)

  • Two web servers can't use same port forwarding rule???

    I have two web servers, each configured to respond to HTTP requests on port 80.  I use NoIP service to map a domain name to my router. I create a port forwarding assignment for Server A by selecting the WebServer rule in the port forwarding rule table.  All is fine.  For Server B, I select the same Webserver rule and the router says there is a conflict.
    I don't understand why.  I think the router has enough information to route a http request for Server B by knowing its MAC address, which is different than Server A MAC address.
    What am I missing here???
    I was able to do this on my previous router with DD-WRT.....
    So it would appear the way to resolve this is to assign a different port address to Server B???
    grrrrrrrrrr I hate this router

    You shouldn't have been able to do that on any router.  You have to change the listening port of server 2, to 8080 or something like that, or make one a secure server and run it over 443
    That is a known issue with port forwarding
    Problem #8:
    Same Port in Multiple Rules
    There are some routers such as Linksys, D-Link and many others that do not do any checks if a port is already in another port forwarding rule. A port can only be forwarded to one Computer/IP at a time. So when there are multiples of the same port number the port forwarding rule will not work.
    Here is an example.
    As you can see port 2350 is in 2 rules. The 1st one points to a different IP than that of the 2nd rule. So the router will honor the 1st rule and the 2nd port forwarding rule to port 2350 fails.
    By removing the 1st rule the 2nd one will now work.

  • Publish the port forwarding rules and req. for customers to use the FiOS TV features they pay for!

    Please read this thread and vote.
    http://forums.verizon.com/t5/Share-Your-Ideas-with-Verizon/Publish-the-port-forwarding-rules-and-req...

    Here they are, but - yes it would be great if Verizon published these, or at the very least linked to Actiontec's Website, where they publish the rules as well.   or at least sticky some of these instructions here in the forums.   
    Instructional videos and step-by-step detailed instructions for port forwarding
    How to enable BASIC Port Forwarding on the MI424WR Verizon FiOS Router (actiontec.com)
    How to Configure Advanced Port Forwarding on the MI424WR Verizon FiOS Router  (actiontec.com)
    PCWintech's guide to portforwarding for the actiontec MI424WR (Verizon Firmware)
    PCWintech's guide to portforwarding for the Westell 327w DSL Modem
    PortForward.com
    I put my vote in. 
    EDIT:  I Didn't realize you were asking for the port forwarding rules to the features, I should have read better.     But yes I agree with that too.   

  • Port Forwarding Rules

    I had to do a factory reset on my MI424WR router while trying to get a security DVR accessible from the outside. I noticed that I have far fewer port forwarding rules now than before the reset.  Does anyone have a list of rules I "should" have? Or maybe a config file I can load?
    The issues now are that I lose connectivity with the net after the router runs for a couple hours.  I also lose the ability to log into the router.  Resetting the router clears it for a while, but then it dies again. 

    The rules that should be in the router should be applied by Verizon or added by the router automatically as time goes on. For your case, just re-create your rules and see if anything breaks.
    For the router deal, consider disabling services like UPnP, the IGMP gateway, and the Firewall so the router runs in simplest form. Alternatively,  see if you can narrow down the disconnects down to a specific device or with bad Coax if you have a coax connection back to the ONT. Failing that, consider asking for a new router from Verizon. 
    ========
    The first to bring me 1Gbps Fiber for $30/m wins!

  • Lync Edge and Proxy server public DNS records port forwarding rules

    Hi All
    I have question in regards to port forwarding rules for port 443 of simple url.
    I have 4 public ip addresses.
    1 edge server (4 nics , 3 running with different ip for sip, meet and dialin in DMZ network, 1 connected to internal local network).
    1 proxy server (2 nics, 1 running with an ip which is in DMZ same as edge, and 1 connected to internal local network)
    1 front end (lync 2013 standard installed.) connected to internal local network
    1 office web apps . connected to internal local network
    The question is that I am using 3 public ip addresses respectively on public DNS records for sip, meet and dialin(av) and using port 443 which has been set on edge server. So, I can use 3 DMZ network ip address on edge for sip, meet and dialin (av) port forwarding from 3 public ip addresses as per in Microsoft document.
    However, I also have a reverse proxy. Hence, my understanding is all public DNS records except SIP and port 443 should be pointed and port forwarded to reverse proxy ip address which is in DMZ network as it would redirect 443 and 80 to 4443 and 8080 to front end.
    Now the question has been clear, if simple URLs public DNS record and port forwarding rules for port 443 should be pointed to reverse proxy server, why they need to be set on each ip address and port number in Front end server topology to edge server?
    If anyone knows, please give a help how to set it correct and what is supposed to be a correct configuration for a topology lync 2013

    Hi George
    Thanks for your reply. Attached is my topology which could make it a bit clear. You may see the public dns host record from the image. I set sip, meet, dialin, and owa 4 host records. The first 3 records are pointed to lync edge by doing a NAT with port 443 which is the same as per you said. However my understanding is they should be pointed to reverse proxy instead as for instance, I need meet.xxx.com with port 443 to be redirected to port 4443 through reverse proxy server to the front end. So when the external customers who do not have lync client installed to their machine then we can shoot a lync meeting and send to them via outlook and they just need to click on join lync meeting link in the email to join in such a meeting based on IE. (Is my understanding correct?)
    If lync web meeting works like so, then the question is why I need to set three SAME addresses in front end topology builder for edge and make them point to edge server instead?
    1. Access Edge service (SIP.XXX.COM) ---> I understand that it is used for external login lync front end.
    2. Webconf edge server (Can I set to meet.xxx.com which is the same as simple URL that points to reverse proxy?) ----> If I can set this address to be the same as simple url address that points to reverse proxy, why should it need to be NATed to edge instead? TO BE HONEST, if I HAVE tested, if I set this url as sip.xxx.com which means to use a single FQDN and ip address with port 444 and points simple url meet.xxx.com to reverse proxy, it will still work to join lync meeting sent by outlook. I DO NOT REALLY UNDERSTAND WHAT this URL used for at this stage.
    3. AV edge --- same as webconf
    Regards
    Wen Fei Cao

  • How to create variables in payroll rules

    Hi Experts,
    Can you please let me know how to create variables in payroll rules and how to assign values to them.
    Please share some documentation on this topic.
    Thanks so much,
    Uttama

    Hi Vijay,
    Variables can be created for -
    Char Values
    Texts
    Formula elements
    hierarchy and its nodes
    For Characteristic Values -
    These are used to be filled by user in the query selection screen
    1. In the filter tab of QD, select the characteristic for which you want to create a variable, right click -> Restrict
    2. Select variables from drop down
    3. Click Create new variable and then define its properties like "Processing By", Settings in Details tab etc and save it
    4. Move it to the right side and click ok
    Now you have created a variable and used it as a placeholder for that characteristic for which user can enter the value to act as dynamic entry.
    Regards,
    Vineeth

  • RV180W loses port forwarding rules when switching WAN connections

    We have a backup WAN connection in our office, but we switch this connection manually on our RV180W when the primary goes down. Our normal connection is ADSL with PPPoE, and the backup is Cable with DHCP.
    However, we also have some port forwarding rules for our VoIP PBX (UDP port 5060) as well as SSH, and these rules seem to stop working completely when we switch our WAN connection to our cable connection. We can still surf the web from our workstations, but our incoming phone calls and SSH connections all cease to work completely. The problem does not persist after we've switched back to our normal ADSL connection.
    This behaviour is completely bizarre and suggests that there's some kind of bug in the Cisco RV180W.

    helm,
    I'm sorry, I wasn't clear which IP address renewal I am speaking about.
    I believe that the problem is caused when the router renews the WHS's local IP address (192.168...). My WAN IP address remains unchanged throughout the tests I performed and the problems I experienced.
    The very act of changing the local clients' lease time in the router's configuration causes the forwarding to be lost immediately. (I am guessing that when the lease time is changed, the router immediately renews the lease and begins a new countdown.)
    (In fact, I might go as far as to say it is a bug in the firmware, but I haven't done enough testing to nail it down.)

  • Port Forwarding Rule Added Via UPnP

    14:24:13, 27 May.
    (2110048.260000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:23:34, 27 May.
    (2110008.940000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:22:53, 27 May.
    (2109967.800000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:22:10, 27 May.
    (2109925.160000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:21:37, 27 May.
    (2109892.130000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:21:06, 27 May.
    (2109861.170000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:20:26, 27 May.
    (2109820.740000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
     Hi guys, would anyone be able to tell me what the above messages in my HH3's log mean?  My connection has been fine but I would like to know why this is happening every few seconds. 
    At first I thought it was because of a certain program I was using but it happens even when this program isn't running so I just don't know!!  Any help is appreciated.
    EDIT:  So I'm guessing it's something to do with having UPnP turned on.  The reason I'm asking is because I've seen other people's logs and they aren't filled with this message.

    Thanks, TommyBobbins.
    I will turn off UPnP and see what happens.
    I checked the logs again my computer has a lease of 192.168.1.64 - this IP address is also showing the same error in the logs. I suspect the other IP address, ending in 65 is my Dad's computer. He uses Windows and I use Mac.
    I'll keep you posted.
    EDIT:  Just turned off UPnP and that was OK.  I checked a program called uTorrent and it says the incoming TCP port (54488) is working.....I find this strange as I have portforwarding turned off... :s
    Any ideas?
    EDIT AGAIN:
    Just wanted to add this in:
    18:54:38, 27 May.
    (2126273.250000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    18:53:53, 27 May.
    (2126228.130000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    18:53:20, 27 May.
    (2126194.690000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    20:34:34, 27 May.
    (2132268.320000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:31, 27 May.
    (2132266.240000) Port forwarding rule deleted via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:29, 27 May.
    (2132264.190000) Port forwarding rule added via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:27, 27 May.
    (2132262.050000) Port forwarding rule deleted via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    As you can see it happens on different ports and UDP and TCP ports....
    Hasn't happened in the 20mins or so I've had UPnP turned off.  Still, I am curious as to what causes this.

  • Maximum port forwarding rules in RVS4000 ?

    Hello,
    I'm wondering if there is a maximum number of port forwarding rule in the RVS4000.
    I can't find this information in the specs.
    Thanks in advance.

    Great. So the better question is WHY is there a maximum? I need to set up many rules in my SMALL BUSINESS environment. This stupid sh!t is costing me A LOT OF MONEY

  • ASA 5505, how to configure DMZ to Inside traffic flows

    Dear.
    We have a Cisco ASA 5505 with an outside, inside and DMZ interface.
    We really need all these interfaces.
    The DMZ interface has been configured to block any traffic to the inside (restrict traffic flow). This restriction can't be disabled, an error occurred when doing this.
    I will allow only one single port has access from DMZ to the inside, is that possible? And how?
    Thanks for the feedback.
    Regards.
    Peter.

    What i mean with "can't be disabled": when you navigate to Configuration/interfaces and select the DMZ interface / advanced, you can block traffic. By default Inside has been selected in the drop-down box. However, you can't leave it blank, you need to specify at least one. I can't create another, extra interfaces because the license is 3 max.
    So, my question is: can I create a rule somewhere to overwrite this setting for only one specific port? And how?
    Result of the command: "show version"
    Cisco Adaptive Security Appliance Software Version 8.2(5)
    Device Manager Version 6.4(5)
    Compiled on Fri 20-May-11 16:00 by builders
    System image file is "disk0:/asa825-k8.bin"
    Config file at boot was "startup-config"
    router up 100 days 1 hour
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
    0: Int: Internal-Data0/0    : address is a44c.11bb.5492, irq 11
    1: Ext: Ethernet0/0         : address is a44c.11bb.548a, irq 255
    2: Ext: Ethernet0/1         : address is a44c.11bb.548b, irq 255
    3: Ext: Ethernet0/2         : address is a44c.11bb.548c, irq 255
    4: Ext: Ethernet0/3         : address is a44c.11bb.548d, irq 255
    5: Ext: Ethernet0/4         : address is a44c.11bb.548e, irq 255
    6: Ext: Ethernet0/5         : address is a44c.11bb.548f, irq 255
    7: Ext: Ethernet0/6         : address is a44c.11bb.5490, irq 255
    8: Ext: Ethernet0/7         : address is a44c.11bb.5491, irq 255
    9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255
    Licensed features for this platform:
    Maximum Physical Interfaces    : 8        
    VLANs                          : 3, DMZ Restricted
    Inside Hosts                   : 50       
    Failover                       : Disabled
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 10       
    Dual ISPs                      : Disabled 
    VLAN Trunk Ports               : 0        
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled 
    This platform has a Base license.
    Serial Number: xxxxxxxxxxxxxx
    Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Configuration register is 0x1
    Configuration last modified by enable_15 at 14:43:11.295 CEDT Mon Sep 9 2013

  • Cisco ASA 5505: How to change the default OS

    Hello,
    I'm learning how to work on the Cisco ASA 5505. My machine has two OS images: the old 7. whatever image and a more recent 8.2 image. The 8.2 image is lower in the index on disk0 so whenever I reboot the machine, the start up points it towards the older image and I have to go into ROMMON to boot the newer OS. Could someone please guide me on how to change the position of the newer OS so that it's the default image? I'd like to do this without deleting the older image so that I can have a proof of concept.
    Thank you!

    Hi Colin,
    You could use the 'boot system' global command to force the ASA to the pointed image file.
    boot system flash:/image.bin

  • How can I setup port forwarding for RDP (3389) using MHS291LVW?

    Hi,
    I went into my MHS291LVW and I enabled port forwarding.  I didn't see an option for Remote Desktop (RDP) so I added a custom application called RDP and I set "Global Port" and "Private Port" to port number 3389 and I set it as TCP/UDP and then entered the local IP (192.168.1.135) of the PC I want to connect to.  I made my local PC use a static IP so this 192.168.1.135 will never change.
    Then when I go under "About Jetpack" I see that there is a WAN IP address listed; so I wrote this down and then I tried to connect remotely to this PC from outside the Verizon Jetpack network but it didn't work.
    Then the strange thing is when I go to Google and type "what's my IP", Google shows me a different external WAN IP address than Verizon Jetpack showed me in the admin web interface.  Anyway, I tried this WAN IP address that Google gave me but it still didn't connect to my local PC.
    Can someone please help me in figuring out why this is not working?
    I've setup port forwarding on plenty of other routers (Linksys, Netgear, etc.), but I never tried it on a Verizon Jetpack MHS291LVW but it should work the same so I'm not sure why this is not working for me.
    Thank you!

    > If I can't use the "Microsoft Windows RDP" service because of the private IP; would I be able to use a software like "TeamViewer" to gain access to my PC?
    Yes.  This is how a VPN server works around the private IP address restrictions of the VZW network.  It will work and you will be able to access anything that is centrally connected to a VPN server. 
    > Also, if I were to take the VPN option and setup a VPN server on the PC
    Not on the remote PC silly guy.  Hosting a VPN from within the VZW network won't do you any good as its IP will be masked by the NAT firewall.  You must set up a VPN server off of the VZW network for it to work.  That way when you remote into the VPN server it is already outside of the VZW NAT that is restricting you in the first place.  There are many VPN vendors that you can test out and pay access for if you don't have any interest in setting up one on your own.  Some are free where others charge more money for more bandwidth and customization features.
    > If I were to try to connect to this PC on the JetPack side from an external PC on a different network I don't know how I would be able to access it since the JetPack IP address is private.
    The idea is that everything rests on the VPN server when remote connections are made.  The Jetpack PC, VPN Server and your current local PC all connect to the VPN server so everything is then local communication.  The VPN will make it appear as though everything is virtually connected to the same appliance even though they are physically separated by whatever distance you want.

  • How do I do port forwarding on my airport extreme for my IP camera (foscam)?

    Hi,
    I've been working on this for what seems like a week.  I purchased a wireless security camera to put in my house and to see from my laptop (or IPAD2) when I'm away.  I am able to see it from either device when I'm here at home, but not when I'm out on the road. 
    According to the instructions for a mac setup, I needed to set up a DDNS service  and get a free account at DynDNS, which I did.  They also told me to use a different port than 80, suggesting 8081 as the http port which I plugged in to the camera device setting..  The next step is to do PORT FORWARDING and then I should be able to use my DDNS domain name and port number to login to my camera anywhere...
    I'm stuck in how to do this with my airport extreme.  I see where I have to go into utilities and click on airport utility, and then manual set-up..
    Right now when I click on the Internet tab at the top I see the connection sharing is off (Bridge Mode), and that I have to change it to share a public IP address to get DHCP and NAT to appear in the tabs..
    when I go to NAT, the box for enable NAT port mapping protocol is checked and then there is a tab I can click on that says Configure Port Mapping.
    I know that I'm supposed to click the plus button + to enter a service and a port and here's where I get stuck
    when I click the + button I can either click on the choose  a service tab, which then drops down a list of services like Personal File Sharing, Window Sharing, Personal Web Sharing, Remote Login SSH , etc, or just keep it where it says choose a service and not choose one of the services.
    Then there are some boxes to fill in for Public UDP Port(s), Public TCP Port(s),  PRIVATE IP address-where the only numbers I can change are the last ones and I don't know if I'm supposed to put the IP address of the camera or what?  and then the boxes for Public UDP and PUBLIC TCP.
    I tried a few times to fill out the port numbers to 8081 (the one I selected for the IP camera) but I don't know what to do for the private IP address. When I changed the last numbers to the IP address of my camera, and went to update, it told me that I  had to correct the 2 problems before updating:
    DHCP beginning address, and dhcp ending address...as the DHCP range you have entered conflicts with the  WAN IP address of your Airport wireless device.  So I cancel and am stuck.
    Sorry this is so long.. but I really can't get anyone to help me figure this out.. The camera company isn't answering ..
    Thanks!!
    Barry

    Thanks for the info. I checked the model number on the Westell site to get info on the device. From Westell's info.....
    1. Product Description
                            This ADSL modem is a NAT router with a four port 10/100BaseT Ethernet switch, a USB port and 802.11g wireless interface.
    So, while you might refer to it as a "modem" ( a modem will only have one Ethernet port), you have a router or gateway. A gateway is simply a modem and router in the same box.
    With the AirPort Extreme, you have 2 routers on the network. Basic networking rules dictate that when there are 2 routers, the first....your Westell.....must handle DHCP and NAT, and the second router....in this case the AirPort Extreme....must be configured to operate in Bridge Mode so that it will function correctly on the network. That's why the AirPort Extreme is in Bridge Mode. That is the correct setting on your network.
    That's also why you were getting the error messages when you tried to configure the Extreme as a second router.
    As I mentioned before, any port mapping or port forwarding is going to have to be set up on the "main" router....your Westell. It cannot be set up on the AirPort Extreme.

  • How do I setup "port forwarding" on a Time Capsule on Mountain Lion?

    I am trying to set up a Foscam FI8910W so that I can access it remotely.  I have some tutorials about how to do it, but most seem to involve using an old OS and I'm getting hung up at the step that involves setting up port forwarding.  I have never done this before and I'm flummoxed.

    Tap AirPort Utility
    Tap the AirPort Extreme icon
    Tap Edit
    Tap Advanced
    Tap Port Settings
    Tap New Entry
    Enter the port type and values provided by the manufacturer
