Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
599
Views
0
Helpful
4
Replies

ASA 8.4 portforwarding.

Roel Tiongson
Level 1
Level 1

ā€Ž11-06-2012 01:36 AM - edited ā€Ž03-11-2019 05:19 PM

Hi all,

I have an issue with portforwarding in my teleeye cctv behind asa 8.4.

I can browse the DVR outside  via http however when i attempt to login, "server busy" will prompt afterwards.

Note: Theres no issue when acesssing the DVR locally.

Heres my config.

OUTSIDE INTERFACE:

interface Ethernet0/3

speed 100

duplex full

nameif bayan

security-level 0

ip address 10.10.10.2 255.255.255.252

INSIDE INTERFACE:

interface Ethernet0/0.249

vlan 249

nameif internal

security-level 100

ip address 1.1.1.1 255.255.255.0

OBJECT NETWORK:

object network cctv

host 1.1.1.10

STATIC NAT:

object network cctv

nat (internal,bayan) static interface service tcp www 28188

OUTBOUND ACL:

access-list internal_access-in extended permit tcp host 1.1.1.10 eq www any log

INBOUND ACL:

access-list outside-in extended permit tcp any host 1.1.1.10 eq www

ACCESS-GROUP:

access-group internal_access-in in interface internal

access-group outside-in in interface bayan

Note: The box have CSC-SSM, is there a connection with the configuration of the module?

Thanks.

Labels:
0 Helpful
4 Replies 4

Harish Balakrishnan
Spotlight
Spotlight

ā€Ž11-06-2012 01:53 AM

Hello Roel,

You meant to say that, when you browse the server using outside interface,, you are getting page ? and when you give username and password , you are getting the error ? is that the issue ?

regards

Harish

0 Helpful

Roel Tiongson
Level 1
Level 1

ā€Ž11-06-2012 05:27 PM

Hi Harish,

Yes, that is the issue.

Is there something wrong with my configuration?

Thanks,

Roel

0 Helpful

Harish Balakrishnan
Spotlight
Spotlight
In response to Roel Tiongson

ā€Ž11-06-2012 11:52 PM

Hello Roel,

Can you modify the inside acl as follows ad try

access-list internal_access-in extended permit ip host 1.1.1.10 any

I suspect the reverse traffic is somehow getting blocked

regards

Harish.

0 Helpful

Roel Tiongson
Level 1
Level 1
In response to Harish Balakrishnan

ā€Ž11-07-2012 12:01 AM

Hi Harish,

Client informed that they modify http port of their DVR to 1024.

I change www in my nat and acl to 1024 and it works.

Thanks,

Roel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card