If not, you may still want to add the new internal subnet so that other servers behind the firewall can have access too.
If you were managing which subnets have access on the server’s software firewall, instead of doubling up your efforts you may choose to change the option to “Any computer” and let the Cisco ASA 5505 restrict by subnet.
Lastly, don’t forget to update the exceptions in the server’s software firewall! Select ‘Save the running configuration at time of reload’.Now to save and reload the box, click ‘Tools/System reload’.In the dropdown, select the service group we previously defined.
Under Destination Port, select the “Group” radio button.Under Destination, click the “…” button by IP address, and select the outside, world-routable IP address of the device you wish to allow access to.Under Source, change Type to “Network Object Group,” then select the group name we set previously.Change the Interface dropdown to “Outside” and make sure Direction says: “incoming.”.Click “Security Policy” on the left and then in the center pane, click “Add.”.Now to define which networks are allowed on which services.You probably want outside-network/24, which is the subnet of the units external interface. Choose a group name, for example: “office.”.Click “Add” and select “Network Object Group…”.You should create a group for each security level. For our setup, we have a few subnets that are all allowed access to all services, but you might want to restrict more. Next, we want to define groups of IP addresses that are allowed to access different services.Type in “3306” to “3306” and click the “Add >” button. Type in “3389” to “3389” and click the “Add >” button. Type in a “Group Name” such as “remotedesktop.” Next type in “445” to “445” and click the “Add >” button. Type in “137” to “139” and click the “Add >” button. Type in a “Group Name” such as “fileshare.” This is helpful (especially http and https), but there are probably services you’ll use that aren’t listed here. You’ll see a list of pre-defined services.Click the “Services” tab in the right pane. First, we are going to define the services we want to let through.So, to use our internal IP address as a server, we need to open the firewall to allow traffic to come to this device.
Now all packets which are allowed through the firewall and are addressed to the outside IP address we just named will be delivered to the internal IP address.
Otherwise, the default username and password is to leave both blanks.What is NAT? It stands for Network Address Translation.
DHCP is enabled on the cisco device, and it’s internal IP address is now 192.168.1.1