
Port-Forwarding Issue on ASA.

Ezequiel Pineda
Level 1

Hi all,

I am facing an issue, a weird one in this case.

I have a 5505 ASA with Basic License and the following scenario:

Vlan1: 192.168.1.0/24 Inside

Vlan2: DHCP from ISP's Outside

Vlan3: 172.16.1.0/29 DMZ (nothing connected here yet)

I have NAT from inside to outside working just fine.

I have two devices that I need to access from outside:

DeviceA: Cisco IP Camera

DeviceB: Raspberry-Pi Linux Box.

I have access to the camera; however, not to the Raspberry-Pi, even though the configuration is the very same for both of them. Here I attach a few screenshots.

I am very confused: access to the camera works just fine, the config for the Raspberry is the same, and SSH is listening on port 22.

The only thing I can think of is that it conflicts with the SSH service listening on the ASA itself?

Advice?

Thanks,

Cheers

Ezequiel Pineda
Level 1

UPDATE

Normally I would have to define a "destination" device in order for this to work.

If I configure it with the destination IP (aka the private IP of the camera or PI) then it does not work.

If I configure the destination to be ANY, then it works. Is this normal?

Here is part of the config related to this issue:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoasa# sho run | inc access-list
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit object-group TCPUDP any any eq www
threat-detection statistics access-list
ciscoasa# sho run | inc static
static (inside,outside) tcp interface ssh Raspberry-PI ssh netmask 255.255.255.255
static (inside,outside) tcp interface www Camera www netmask 255.255.255.255
ciscoasa#

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

Regards,

Ezequiel

balaji.bandi
Hall of Fame

What version of RPi and what distro are you running? Are you sure the SSH service is running on the Raspberry Pi?

Sometimes the FW is up by default in a Linux environment. Try and see whether iptables (FW) is running; iptables -xnvL will show any FW rules on the Raspberry Pi.

If it is running, flush the rules with iptables -F. You can monitor the logs on the FW to see whether any packets are being dropped at the FW end. If the FW builds the connection, you can run tcpdump on Linux to see whether the traffic is received by Linux.

BB

Hi,

 

I have tried the above-mentioned config, and it works. The issue is not on the Raspberry-Pi; I can SSH into it just fine only when I configure it in such a way. Here is a screenshot of it.

Note that the "destination" is set to "any" where I would normally configure the real IP of the inside device, but if I configure it with the real IP, then it doesn't work. It works right now and I can access both the camera and the Raspberry from the outside.

Cheers,

 

Ezequiel
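
An added example, not part of the thread or of any poster's reply: a short audit over the access-list and static lines posted above that flags outside permit rules whose destination is `any` and pairs each with the static PAT entry on the same port. The `narrower_dst` field assumes the pre-8.3 behaviour that goes with the `static (inside,outside)` syntax, where the outside ACL is matched against the mapped address (here the outside interface) rather than the real inside IP; the function and field names are this example's own.

```python
# Added example, not from the thread. CONFIG holds lines the poster pasted.
CONFIG = """\
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit object-group TCPUDP any any eq www
static (inside,outside) tcp interface ssh Raspberry-PI ssh netmask 255.255.255.255
static (inside,outside) tcp interface www Camera www netmask 255.255.255.255
"""

def take_addr(tokens):
    head = tokens.pop(0)
    if head == "any":
        return "any"
    # 'host X', 'interface X', 'object-group X' and '<addr> <mask>' use two tokens
    return f"{head} {tokens.pop(0)}"

def parse_acl(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    t = line.split()
    action, rest = t[3], t[4:]
    proto = rest.pop(0)
    if proto == "object-group":  # protocol given as 'object-group TCPUDP'
        proto = rest.pop(0)
    src, dst = take_addr(rest), take_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def parse_static(line):
    """Parse 'static (REAL_IF,MAPPED_IF) PROTO MAPPED MAPPED_PORT REAL ...'."""
    t = line.split()
    mapped_if = t[1].strip("()").split(",")[1]
    return {"mapped_if": mapped_if, "mapped": t[3], "mapped_port": t[4], "real": t[5]}

def audit(config):
    """Flag permit rules whose destination is 'any' and list what each exposes."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = [parse_acl(l) for l in lines
            if l.startswith("access-list ") and " extended " in l]
    statics = [parse_static(l) for l in lines
               if l.startswith("static (") and l.split()[2] in ("tcp", "udp")]
    findings = []
    for a in acls:
        if a["action"] != "permit" or a["dst"] != "any":
            continue
        hits = [s for s in statics if s["mapped_port"] == a["port"]]
        # Assumption: pre-8.3 semantics, the ACL is matched on the mapped address.
        dsts = sorted({f"interface {s['mapped_if']}" if s["mapped"] == "interface"
                       else f"host {s['mapped']}" for s in hits})
        findings.append({"port": a["port"], "exposes": [s["real"] for s in hits],
                         "narrower_dst": dsts})
    return findings
```

Ports are compared as written, so `22` and `ssh` count as different values; normalise them first if a config mixes both forms.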
