05-22-2023 07:25 AM
Dear Team Members,
Greetings to all!
Currently I'm facing port forwarding issues for port 80. I have two WAN interfaces: the primary is VPN and the secondary is OUTSIDE. I set the VPN interface default route administrative value to 1 and the secondary default route administrative value to 2.
Now I am trying to configure port forwarding for the internal nginx server 10.20.115.10 so that it can be accessed from the public at 203.120.197.204 port 80.
Here is my configuration:
object network NGINX-10.20.115.10-80
 host 10.20.115.10
object network NGINX-10.20.115.10-80
 nat (internal,VPN) static interface service tcp www www
access-group AZURE-VPN-ACL in interface VPN
access-list AZURE-VPN-ACL extended permit tcp any object NGINX-10.20.115.10 eq www log
It's not working; I cannot browse to my port forward from the public. But AnyConnect VPN is still working with port 444, which has been opened. Could someone please help me with my issue?
Thanks.
PPH
05-22-2023 07:36 AM
object network NGINX-10.20.115.10-80
 nat (internal,OUTSIDE) static interface service tcp www www
You need NAT; the ASA will select either VPN or OUTSIDE, and then the traffic will be NATed.
05-22-2023 08:23 AM
Dear MHM,
Do you mean that I need to configure NAT for both the OUTSIDE interface and the VPN interface?
Please kindly provide the configuration for both sides.
If I shut down the OUTSIDE interface without a configuration like that, would it be OK?
object network NGINX-10.20.115.10-80
 nat (internal,OUTSIDE) static interface service tcp www www
Thanks.
05-22-2023 08:26 AM - edited 05-22-2023 08:27 AM
"If I shut down the OUTSIDE interface without a configuration like that, would it be OK?" <<- Can you elaborate more?
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
This link can help you.
05-22-2023 08:28 AM
Many thanks, bro. Let me change the config and I'll let you know the result.
Thanks for your help.
05-22-2023 08:29 AM
You are so welcome
05-22-2023 08:46 AM
Dear MHM,
When I try to change the config for NAT, the old configuration disappears, so do I need to configure another object name for the same host IP address and NAT?
Example:
object network NGINX-10.20.115.10-80-2
 nat (internal,OUTSIDE) static interface service tcp www www
Am I right?
Thanks.
05-30-2023 06:21 PM
Sorry I make link, but not reply
Yes, you are correct; you need two different object names with the same subnet.
Thanks
MHM
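
The two-object layout confirmed in the last reply, written out as an added example that is not part of the original thread or any poster's running configuration. An ASA network object holds only one object NAT statement, so entering a second `nat` under the same object replaces the first; each egress interface therefore gets its own object for the same host. The object name ending in `-OUT`, the ACL name `OUTSIDE-IN-ACL`, the test source address 198.51.100.10 and the `<OUTSIDE-interface-IP>` placeholder are assumptions.

```cisco
! Constructed example. "-OUT" object and OUTSIDE-IN-ACL are assumed names.
! One object per egress interface, both pointing at the same real host.
object network NGINX-10.20.115.10-80
 host 10.20.115.10
 nat (internal,VPN) static interface service tcp www www
object network NGINX-10.20.115.10-80-OUT
 host 10.20.115.10
 nat (internal,OUTSIDE) static interface service tcp www www
!
! With this NAT syntax the interface ACL matches the real (internal) address.
! Each entry names an object defined above.
access-list AZURE-VPN-ACL extended permit tcp any object NGINX-10.20.115.10-80 eq www log
access-list OUTSIDE-IN-ACL extended permit tcp any object NGINX-10.20.115.10-80-OUT eq www log
!
! Only one inbound ACL can be bound per interface. If OUTSIDE already has an
! access-group, add the permit line to that ACL instead of binding a new one.
access-group AZURE-VPN-ACL in interface VPN
access-group OUTSIDE-IN-ACL in interface OUTSIDE
!
! Verification from privileged EXEC mode:
! both rules should be listed, and hit counters should rise under test traffic.
show nat detail
! Simulate an inbound HTTP request on OUTSIDE; the output should show the
! UN-NAT phase rewriting the destination to 10.20.115.10 and the ACL permitting it.
packet-tracer input OUTSIDE tcp 198.51.100.10 12345 <OUTSIDE-interface-IP> 80 detailed
```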