Small Business Server Support Forum    
Subject: sbs 2003 std and cisco asa5500
Mark Squicquero (United States; member since 2/18/2006; Platinum Membership; posts: 71)
6/26/2008 09:33 PM
I'm about to replace my current firewall appliance with a Cisco ASA 5500. I was hoping that some intrepid adventurer here has already successfully done so. If anyone has, I'd appreciate any tips or gotchas before wading in.
 
Thanks,
Mark
Marina Roos (The Netherlands; member since 3/24/2005; Forum Admins; posts: 12290)
8/31/2008 01:42 AM
Hi Mark,

Did you figure this out yet?

Marina Roos
Smallbizserver.Net Administrator

Mark Squicquero
8/31/2008 06:34 AM
Hi Marina,

I've installed the ASA 5505 and it's working fine. I was just looking for any tips regarding the ACL to be sure I wasn't creating any unnecessary openings in the firewall. I just created entries to allow the ports that I had open on the old firewall entry into the outside interface. The only question that I have now is regarding the type of NAT that I'm using. The Cisco 5505 allows many different types of NAT. The information that I was able to find suggested that I use port address translation, since all inside hosts use a single IP address on the outside interface. It works fine with one exception: I can't use RWW any more. I found confirmation of this in an explanation of how port address translation works. The vendor that I bought the Cisco from suggests that I use VPN instead for security reasons. I didn't really use RWW very often anyway so I'll take his advice and explore the world of VPNs now!

Thanks,
Mark
Marina Roos
9/01/2008 04:30 PM
Hi Mark,
 
For RWW you need to forward ports 443 and 4125, just like you would forward other ports.

Marina Roos
Smallbizserver.Net Administrator

Mark Squicquero
9/01/2008 05:48 PM
Hi Marina,

I am forwarding the same ports that I was on the old router, including 443 and 4125. The problem is the type of NAT. The PAT (port address translation) that is in use only allows outbound connections. In order to allow inbound connections I would have to use Static NAT. Since I'm using SBS2003 Std. with two NICs, I suppose that I could create a static address translation using the outside of the SBS as the inside of the ASA 5505. I'm actually doing that now but using the PAT to convert all of the inside host addresses to a single outside static IP address. My old router had only one type of NAT so it was a no-brainer. The Cisco is very granular in its approach, much like ISA Server. I was hoping someone else had gone through this configuration and had a working ACL that would allow for the unique bidirectional needs of SBS. I haven't been able to locate one yet so it has been trial and error thus far. As soon as I have a chance I'll experiment with Static NAT which should work since the NAT in SBS is already translating all the inside hosts to a single SBS outside address. I'll let you know how it works out. I probably won't get to it until next weekend.

Mark
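
The setup discussed in this thread, sketched in the pre-8.3 ASA syntax that was current in 2008: dynamic PAT for outbound traffic plus static port translation and a matching ACL for the two RWW ports. This is an added example, not a configuration posted by anyone in the thread; the address 192.168.1.2 (standing in for the SBS external NIC on the ASA inside network), the NAT ID 1 and the ACL name outside_access_in are assumptions.

```cisco
! --- Outbound: dynamic PAT, all inside hosts share the outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! --- Inbound: static port translation for the RWW ports only.
! 192.168.1.2 is a constructed address for the SBS external NIC.
static (inside,outside) tcp interface 443 192.168.1.2 443 netmask 255.255.255.255
static (inside,outside) tcp interface 4125 192.168.1.2 4125 netmask 255.255.255.255

! --- ACL bound inbound on the outside interface. Before 8.3 the ACL matches
! the translated (public) address, so "interface outside" is the destination.
! Anything not listed here is dropped by the implicit deny at the end.
access-list outside_access_in extended permit tcp any interface outside eq 443
access-list outside_access_in extended permit tcp any interface outside eq 4125
access-group outside_access_in in interface outside

! --- Checks to run from the ASA CLI after applying the above:
!   show run static                       confirm only the intended forwards exist
!   show access-list outside_access_in    hit counts per entry; remove unused permits
!   show xlate                            list active translations
!   packet-tracer input outside tcp 198.51.100.10 12345 <outside-ip> 443
!     (198.51.100.10 is a documentation address; <outside-ip> is a placeholder
!      for the ASA's own outside address)
```

ASDM and WebVPN also listen on TCP 443 by default, so neither should be enabled on the outside interface on that port while 443 is forwarded to the server.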