cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


360
Views
0
Helpful
4
Replies
Highlighted
Beginner

ASA 8.4 portforwarding.

Hi all,

I have an issue with portforwarding in my teleeye cctv behind asa 8.4.

I can browse the DVR outside  via http however when i attempt to login, "server busy" will prompt afterwards.

Note: Theres no issue when acesssing the DVR locally.

Heres my config.

OUTSIDE INTERFACE:

interface Ethernet0/3

speed 100

duplex full

nameif bayan

security-level 0

ip address 10.10.10.2 255.255.255.252

INSIDE INTERFACE:

interface Ethernet0/0.249

vlan 249

nameif internal

security-level 100

ip address 1.1.1.1 255.255.255.0

OBJECT NETWORK:

object network cctv

host 1.1.1.10

STATIC NAT:

object network cctv

nat (internal,bayan) static interface service tcp www 28188

OUTBOUND ACL:

access-list internal_access-in extended permit tcp host 1.1.1.10 eq www any log

INBOUND ACL:

access-list outside-in extended permit tcp any host 1.1.1.10 eq www

ACCESS-GROUP:

access-group internal_access-in in interface internal

access-group outside-in in interface bayan

Note: The box have CSC-SSM, is there a connection with the configuration of the module?

Thanks.

Everyone's tags (3)
4 REPLIES 4

ASA 8.4 portforwarding.

Hello Roel,

You meant to say that, when you browse the server using outside interface,, you are getting page ? and when you give username and password , you are getting the error ? is that the issue ?

regards

Harish

Beginner

ASA 8.4 portforwarding.

Hi Harish,

Yes, that is the issue.

Is there something wrong with my configuration?

Thanks,

Roel

ASA 8.4 portforwarding.

Hello Roel,

Can you modify the inside acl as follows ad try

access-list internal_access-in extended permit ip host 1.1.1.10 any

I suspect the reverse traffic is somehow getting blocked

regards

Harish.

Beginner

ASA 8.4 portforwarding.

Hi Harish,

Client informed that they modify http port of their DVR to 1024.

I change www in my nat and acl to 1024 and it works.

Thanks,

Roel