Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
3
Helpful
7
Replies

ASA 5515 Firewall Port Forwarding Issue

Pyie Phyo Htay
Level 1
Level 1

‎05-22-2023 07:25 AM

Dear Team Members,

Greeting to all!
Currently I'm facing with the port forwarding issues for Port 80, I have two wan interface primary is VPN and secondary is OUTSIDE. I set to VPN interface default route administrative value to 1 and secondary default route administrative value to 2.

Now, I try to config port forwarding for internal nginx server 10.20.115.10 to can access form the public with 203.120.197.204 Port  80.

Here is my configuration: 

object network NGINX-10.20.115.10-80
host 10.20.115.10

object network NGINX-10.20.115.10-80
nat (internal,VPN) static interface service tcp www www

access-group AZURE-VPN-ACL in interface VPN

access-list AZURE-VPN-ACL extended permit tcp any object NGINX-10.20.115.10 eq www log

It's not working I can not browsing to my port forwarding from public. But AnyConnect VPN is still working with the port 444 and that has been open. Someone please helps me my issues?

Thanks.

PPH

 

0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎05-22-2023 07:36 AM

object network NGINX-10.20.115.10-80
nat (internal,OUTSIDE) static interface service tcp www www

 

you need NAT, 
the ASA will select either VPN or OUTSIDE 
and then the traffic will NATing 

0 Helpful

Pyie Phyo Htay
Level 1
Level 1
In response to MHM Cisco World

‎05-22-2023 08:23 AM

Dear MHM,

Do you mention do i need to config for both OUTSIDE interface and VPN interface with NAT,

Please kindly provide the configuration for both side. 

If i shutdown the OUTSIDE interface without configuration for like that it can be ok?

object network NGINX-10.20.115.10-80
nat (internal,OUTSIDE) static interface service tcp www www

Thanks.

 

MHM Cisco World
VIP
VIP
In response to Pyie Phyo Htay

‎05-22-2023 08:26 AM - edited ‎05-22-2023 08:27 AM

If i shutdown the OUTSIDE interface without configuration for like that it can be ok?  <<- can be more elaborate ?
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

this link can help you 

0 Helpful

Pyie Phyo Htay
Level 1
Level 1
In response to MHM Cisco World

‎05-22-2023 08:28 AM

Many Thanks bro let me change the config and let you back know the result.

Thanks for your helps.

MHM Cisco World
VIP
VIP
In response to Pyie Phyo Htay

‎05-22-2023 08:29 AM

You are so welcome

0 Helpful

Pyie Phyo Htay
Level 1
Level 1
In response to MHM Cisco World

‎05-22-2023 08:46 AM

Dear MHM,

When i try to change the config for NAT, one of the old configuration is disappear so, do i need to config with another object name for same  host ip address and NAT.

Example : object network NGINX-10.20.115.10-80-2
nat (internal,OUTSIDE) static interface service tcp www www

Am I right?

Thanks.

 

MHM Cisco World
VIP
VIP
In response to Pyie Phyo Htay

‎05-30-2023 06:21 PM

Sorry I make link, but not reply
Yes you are correct you need two different object name with same subnet.
thanks 
MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card