ASA 8.4 portforwarding.

Roel Tiongson · ‎11-06-2012

Hi all,

I have an issue with portforwarding in my teleeye cctv behind asa 8.4.

I can browse the DVR outside via http however when i attempt to login, "server busy" will prompt afterwards.

Note: Theres no issue when acesssing the DVR locally.

Heres my config.

OUTSIDE INTERFACE:

interface Ethernet0/3

speed 100

duplex full

nameif bayan

security-level 0

ip address 10.10.10.2 255.255.255.252

INSIDE INTERFACE:

interface Ethernet0/0.249

vlan 249

nameif internal

security-level 100

ip address 1.1.1.1 255.255.255.0

OBJECT NETWORK:

object network cctv

host 1.1.1.10

STATIC NAT:

object network cctv

nat (internal,bayan) static interface service tcp www 28188

OUTBOUND ACL:

access-list internal_access-in extended permit tcp host 1.1.1.10 eq www any log

INBOUND ACL:

access-list outside-in extended permit tcp any host 1.1.1.10 eq www

ACCESS-GROUP:

access-group internal_access-in in interface internal

access-group outside-in in interface bayan

Note: The box have CSC-SSM, is there a connection with the configuration of the module?

Thanks.

Harish Balakrishnan · ‎11-06-2012

Hello Roel,

You meant to say that, when you browse the server using outside interface,, you are getting page ? and when you give username and password , you are getting the error ? is that the issue ?

regards

Harish

Roel Tiongson · ‎11-06-2012

Hi Harish,

Yes, that is the issue.

Is there something wrong with my configuration?

Thanks,

Roel

Harish Balakrishnan · ‎11-06-2012

Hello Roel,

Can you modify the inside acl as follows ad try

access-list internal_access-in extended permit ip host 1.1.1.10 any

I suspect the reverse traffic is somehow getting blocked

regards

Harish.

Roel Tiongson · ‎11-07-2012

Hi Harish,

Client informed that they modify http port of their DVR to 1024.

I change www in my nat and acl to 1024 and it works.

Thanks,

Roel