03-06-2009 12:58 AM - edited 03-11-2019 08:01 AM
Hi.
I am trying to configure port forwarding on an ASA 5505.
Inside there is an SBS 2008 that needs to be reached from the outside on ports 25, 80, 443 and 987.
I am using ASDM to configure it, but running Packet Tracer gives a NAT error that drives me crazy. See attachments for error and configuration.
Running Config is:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
names
name 192.168.1.101 SBS2008 description SBS 2008 server
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 82.xxx.xxx.xxx 255.255.255.248
!
interface Vlan12
no forward interface Vlan1
nameif dmz
security-level 10
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 12
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup dmz
dns server-group DefaultDNS
name-server 217.144.239.98
name-server 82.xxx.xxx.xxx
domain-name default.domain.invalid
same-security-traffic permit intra-interface
access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.128
access-list outside_access_in remark Open http for SBS 2008
access-list outside_access_in extended permit tcp any host SBS2008 eq www
access-list outside_access_in remark Open for Companyweb on SBS2008
access-list outside_access_in extended permit tcp any host SBS2008 eq 987
access-list outside_access_in remark Open SMTP to SBS2008
access-list outside_access_in extended permit tcp any host SBS2008 eq smtp
access-list outside_access_in remark Open https to SBS 2008
access-list outside_access_in extended permit tcp any host SBS2008 eq https
pager lines 24
....
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp SBS2008 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www SBS2008 www netmask 255.255.255.255
static (inside,outside) tcp interface https SBS2008 https netmask 255.255.255.255
static (inside,outside) tcp interface 987 SBS2008 987 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 82.xxx.xxx.xxx 1
timeout xlate 3:00:00
Can someone help?
Best regards NAN
03-06-2009 01:11 AM
Hi,
remove
nat (inside) 0 access-list inside_nat0_outbound
maybe it helps. This No_Nat-rule makes no sense, because the network mentioned in the acl is part of the inside network.
The rest of your config seems to be correct.
Regards, Celio
03-06-2009 01:20 AM
Thanks for a quick answer, Celio!
In ASDM, which rule should I remove?
I am not good at the commands.
Regards NAN
03-06-2009 01:59 AM
Hi.
I have removed the rule nat (inside) 0 access-list inside_nat0_outbound, but still the same error.
Desperately need help.
NAN
03-07-2009 04:03 AM
SOLVED
In the ACL, changed from SBS2008 to the external address.
This solved the problem.
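The fix reported in the last post, as an added example that is not part of the original thread: on ASA 7.2 the inbound ACL on the outside interface is matched against the mapped (external) address of a static, not the real inside host. The script below flags such entries in a config and prints the corrected line; the function name and the sample config (constructed from the one posted above) are assumptions of this example.

```python
import re

# Constructed sample: reduced thread config plus one corrected smtp entry.
SAMPLE_CONFIG = """\
name 192.168.1.101 SBS2008 description SBS 2008 server
access-list outside_access_in extended permit tcp any host SBS2008 eq www
access-list outside_access_in extended permit tcp any host SBS2008 eq 987
access-list outside_access_in extended permit tcp any interface outside eq smtp
static (inside,outside) tcp interface smtp SBS2008 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www SBS2008 www netmask 255.255.255.255
static (inside,outside) tcp interface 987 SBS2008 987 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

NAME_RE = re.compile(r"name (\S+) (\S+)")
# static (real_if,mapped_if) proto mapped_addr mapped_port real_addr real_port
STATIC_RE = re.compile(r"static \(\S+,(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACL_RE = re.compile(r"access-list (\S+) extended permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def find_real_address_acl_entries(config):
    """Return (acl_line, suggested_line) pairs for inbound ACL entries that
    permit the real host of a static PAT rather than its mapped address."""
    names, bound, statics, acl_lines = {}, {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := NAME_RE.match(line):
            names[m.group(2)] = m.group(1)
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)          # ACL name -> interface
        elif m := STATIC_RE.match(line):
            mapped_if, proto, mapped, mport, real, rport = m.groups()
            statics[(mapped_if, proto, real, rport)] = (mapped, mport)
        elif m := ACL_RE.match(line):
            acl_lines.append((line, m.groups()))
    findings = []
    for line, (acl, proto, dst, port) in acl_lines:
        ifc = bound.get(acl)
        # Names resolve to IPs; ports are compared as written (www vs 80 differ).
        for (s_if, s_proto, real, rport), (mapped, mport) in statics.items():
            if (s_if, s_proto, rport) == (ifc, proto, port) and \
                    names.get(real, real) == names.get(dst, dst):
                target = f"interface {ifc}" if mapped == "interface" else f"host {mapped}"
                fix = f"access-list {acl} extended permit {proto} any {target} eq {mport}"
                findings.append((line, fix))
    return findings

if __name__ == "__main__":
    for bad, fix in find_real_address_acl_entries(SAMPLE_CONFIG):
        print(f"- {bad}\n+ {fix}")
```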