Port Forwarding on Cisco ASA Firewall

Captions
Hey guys, Ansel Sultan here from Networkershome. Today's topic is port forwarding. Come to the topology: this is my topology, and you can see the topology remains the same as in the previous lab. This is my internet; this might be one site, and on this side I have some routers and a PC. This is my B2 site, and in the B2 site I have some servers: an HTTP server, an HTTPS server and an SSH server. So in port forwarding, what I am going to do here: this is my internet user, and this internet user wants to access this HTTP server. In a normal scenario, if I send the HTTP request, the destination IP address is 10.0.0.1. But this is our private IP address, and a private IP address is not routable on the internet, and also we have to hide our private IP addresses, like these server IP addresses, from the external user. So what I am going to do here: when any outside user wants to access this HTTP server, HTTPS server or SSH server, for the outside world my destination IP address is this G0/2 IP address, 192.168.255.151. So for this user the destination IP address is 192.168.255.151, and it is going to use the HTTP server; according to this port number it is going to redirect the packet. If a user wants to use port number 80, that means the HTTP server, so we have to redirect this packet to this server. Suppose any user wants to access port number 443, that means the HTTPS server; our router checks the port number, okay, this port number is 443, so we have to redirect our packet to this server. Same for 23: it redirects that packet to the SSH server. So for this lab I have to configure the HTTP server here on this device, HTTPS on this device and SSH on this router. You can see here these are our IP addresses, so open your devices and configure HTTP, HTTPS and SSH. This is my fresh machine, so I am going to configure the HTTP, HTTPS and SSH services on these three devices quickly.

Create one Notepad for the configuration. This is for HTTP: interface g0/0, then you have to give the IP address, 10.0.0.1 with a /24 subnet mask, no shutdown, exit. I have to give a default route, ip route 0.0.0.0 0.0.0.0; my default gateway is 10.0.0.10. Then I have to enable the HTTP service here, so the command is ip http server, then ip http authentication local, because I am going to use my local database. I am not going to use a AAA server or something, because currently I don't have any servers; that's why I'm going to use the local database. For the local database I have to create one username: username ccna with privilege 15, and the password also ccna, or I can use cci. This configuration is for the HTTP server. Also enable, config t, and I'm going to change the hostname; the hostname is http_scr, HTTP server 1. Same for this one, the HTTPS server, and here I have to mention HTTPS server, HTTPS server 2. The IP address is .2, the interface remains the same, the ip route is the same, and here there is some modification: ip http secure-server, we have to mention ip http secure-server; the rest of the commands will be the same. The next device to configure is the SSH device. Ctrl+V, and this is my SSH; the SSH IP address is .3, the route remains the same, the username remains the same, but here we have to enable SSH, so line vty 0 4, login local, transport input all, exit. I have to define a domain name, so ip domain-name; my domain name, I'm setting ssh. Then I have to create the crypto key: crypto key generate rsa modulus 1024. Okay, so this is the command. Now I'm going to paste this command in each and every device: for HTTP I'm going to copy this code, for HTTPS this configuration in this device, and for SSH this configuration. So quickly I'm going to copy and paste. Come to Internet Explorer, HTTP, HTTPS and SSH. HTTP, and the configuration is this one, just copy and paste, configured. Come to the HTTPS, copy the command, copy, paste; then come to the SSH, copy the command, copy, paste. Okay, I have some problem here, modulus 1024, okay, done. So our server configuration has been done.

Now come to the ASA. My ASA is also a fresh machine, so I'm going to quickly assign some IP addresses. First, hostname ASA2. Interface g0/2, you can see here the g0/2 IP address. I am just going to create one more Notepad for this one, ASA2: hostname ASA2, interface g0/2, then ip address 192.168.255.151 with the /24 subnet mask, no shut, nameif, nameif is outside, exit. Interface g0/3, g0/1, then ip address, IP address is 10.0.0.10 with /24, no shut, then I have to define nameif, nameif inside, exit. And also I have to define the default route, so route outside, and for getting internet my default gateway is 255.1. Just copy this code, come to the ASA2, paste; again copy, paste. Okay, outside, some spelling mismatch; again copy, it's now done. Check the internet connectivity: ping 8.8.8.8, so you can see we have our internet connectivity.

So now our main task. You can see here we have three servers, HTTP, HTTPS and SSH, so I am going to create three objects for these three devices. Again come to the ASA: object network S1, and the host IP address is 10.0.0.1, and I'm going to create NAT for this host. I can create the NAT here also, nat inside. Why am I mentioning inside? Because when this request comes from the internet and reaches the HTTP server, at reply time my source IP address is 10.0.0.1, and I have to translate the source IP address into the public IP address. So I'm translating my packet during the reply; the reply packet comes from inside to outside, that's why in the ASA I mentioned here inside, and it's going to outside. And here I'm going to mention static. Static means this inside IP address, 10.0.0.1, is static, and for the outside, for the translation, I'm going to use interface. Here I have to define the service: service tcp, and this 10.0.0.1 is my HTTP server, so here I have to mention http for the source and also http for the destination, for the mapped. Hit enter, exit. Now I created one object. Okay, so I created one object; come to the topology. This internet user is sending some data from the outside world to the inside of this zone, this branch B2. You know the behaviour of the ASA firewall: any packet coming from a low security level to a high security level is dropped by default. So for allowing this packet from security level 0 to security level 100 we have to create one access list. Access-list; the access list name is allow_out, you can choose any name. allow_out permit tcp, because I am allowing HTTP requests from outside to inside and HTTP is a TCP-based protocol. Then my source: the source can be any, an outside user, inside user, any user, so for the source IP address I have to mention any. But for the destination I am going to mention a specific IP address, 10.0.0.1, and here I have to mention question mark: eq, you can see eq, the equal-to operator. So you have to use eq for which port number you are using; my server 1, the HTTP server, is using port number 80. I can use 80, or I can use the http name. Okay, hit enter, so I created one access list.

Now I have to apply this access list on an interface: access-group allow_out (the access list name), the direction is in. My access list direction is in because it's coming from outside to inside, meaning this HTTP request is coming from this outside user into our premises; for this ASA the HTTP request is coming from outside, so the direction is in, and on this interface, whose logical name is outside. So come to the ASA: the direction is in and the interface is outside, hit enter. Okay, now come to this external user's PC. This is my external PC, test123. Check the IP address of this PC, come to cmd, because in the previous lab I already assigned the IP address, but for verification check ipconfig. You can see here my IP address is 192.168.255.152 and the default gateway is 255.1. Now open the browser and try to access the GUI of this HTTP server. Type here http://, and I have to mention here my gateway IP address; my gateway is the ASA outside interface IP address, so my outside ASA interface IP address is 192.168.255.151. Come to the Windows PC again and hit enter. See, we got the prompt here; we have to type our username and password, ccna and cci. You can see this is my HTTP server 1. For verification you can come here and check: see the hostname is HTTP server 1, show ip interface brief, and same here, click on 15 and check, show ip interface brief. You can see this PC, 10.0.0.1, this is my router IP address, the HTTP server IP address, but I am accessing it through this IP address 192.168.255.1. Okay.

Similarly I am going to create an object for server 2: object network S2, host 10.0.0.2, NAT direction the same, inside to outside, static outside interface; here we have to define the service, the service is a TCP-based service, and here I have to define https for the source and https for the mapped, exit. Same for server 3: again object network S3, here I have to define host 10.0.0.3, NAT from inside to outside, static interface, then service tcp, and the real port number is ssh and the mapped port number also ssh. show run object: you can see here I created three objects, and also show run nat: I created three NATs. Now I have to create access lists for HTTPS and SSH also. You can see currently, show run access-list, I have only one access list. So come to config mode, config t. This access list remains the same, just we have to change the host and our service: my host is 10.0.0.2, this is my HTTPS, and for the eq port number we have to define https; either you can define https or you can mention the number, like 443. Same for SSH: 10.0.0.3 eq ssh, hit enter. So again check, show run access-list, so I have three access lists, and I already applied this access list on the outside interface with direction in. Check show run access-group, you can see here. Now again come to our outside PC and try to take HTTPS access, like https://192.168.255.151, hit enter. It took time because this is a virtual PC and I gave only 3 GB RAM to this PC. Okay, you can see "your connection is not private", so simply I'm going to allow it, proceed to 192.168.255.151.

It took time; meanwhile I am going to take my PuTTY access, SSH access, 192.168.255.151, open, yes, login as ccna, password cci. You can see SSH, so my HTTP and SSH connections are successful. Again try to access, proceed to 192.168.255.151, proceed. Come to the ASA, you can see here the connections: this 192.168.255.153 is translated with this 10.0.0.80, for 10.303 it is translated with 22, and with this port number it will translate to 10.0.0.2 for the HTTPS. And also you can see here, show xlate, the table: currently I have only one connection, this one for 10.0.0.1, port number 80, then 10.0.0.2 for HTTPS and 10.0.0.3 for SSH. So this is our practical. Thank you.
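The ASA-side configuration the speaker builds up piecemeal above, written out in one place as an added example (this is not the video's own pasted config). Object names, addresses, ports, the ACL name and the outside interface come from the captions; the inside interface name and the explicit security-level lines are assumptions, since the captions are ambiguous there.

```cisco
! Added example: ASA 8.3+ object NAT (static PAT) port forwarding as in the video.
! Assumed: inside interface is GigabitEthernet0/1 (captions say "g0/3 ... g0/1").
hostname ASA2
!
interface GigabitEthernet0/2
 nameif outside
 security-level 0
 ip address 192.168.255.151 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.10 255.255.255.0
 no shutdown
!
route outside 0.0.0.0 0.0.0.0 192.168.255.1
!
! One network object per internal server. The "nat" line under each object is a
! static PAT: real port on the host <-> same port on the outside interface address.
! (inside,outside) = (real interface, mapped interface); the same entry also
! translates the server's replies back to 192.168.255.151.
object network S1
 host 10.0.0.1
 nat (inside,outside) static interface service tcp http http
object network S2
 host 10.0.0.2
 nat (inside,outside) static interface service tcp https https
object network S3
 host 10.0.0.3
 nat (inside,outside) static interface service tcp ssh ssh
!
! Inbound ACL on the outside interface (security level 0 -> 100 is denied by
! default). Since ASA 8.3 the ACL matches the REAL, untranslated destination,
! so the 10.0.0.x server addresses are used here, not 192.168.255.151.
! Only the three forwarded ports are opened; nothing else is reachable inbound.
access-list ALLOW_OUT extended permit tcp any host 10.0.0.1 eq http
access-list ALLOW_OUT extended permit tcp any host 10.0.0.2 eq https
access-list ALLOW_OUT extended permit tcp any host 10.0.0.3 eq ssh
access-group ALLOW_OUT in interface outside
!
! Verification commands used in the video (exec mode):
!   show run object / show run nat / show run access-list / show run access-group
!   show xlate      -> one static PAT entry per server and port
```

When reading `show xlate`, each forwarded service should appear as exactly one static entry mapping 192.168.255.151 on the given port to the matching 10.0.0.x host; an unexpected extra entry or port means the object NAT or ACL does not match what was intended.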
Info
Channel: NETWORKERSHOME
Views: 758
Id: LV94a8SNpuU
Length: 24min 24sec (1464 seconds)
Published: Wed Mar 17 2021