01-07-2014 06:25 PM - edited 03-11-2019 08:26 PM
Hi all. I'm playing with a cool program called Subsonic - You can stream music from your home server to whatever. The problem I'm having is getting a NAT statement to access the server from inside.
Here's my current config for the service:
object network SubSonic
 host 192.168.2.32
 nat (inside,outside) static interface service tcp 4040 4040
access-list outside_inbound permit tcp any object SubSonic eq 4040
This is working great when I'm out in the world, but when I'm home and connected inside, no luck. I'm thinking I need some sort of NAT statement for inside to inside, but I'm at a loss really. Any help here would be appreciated.
Thanks,
Ed
01-07-2014 07:31 PM
Hi,
Assuming your stream server is sitting behind the inside interface and you want to stream music to a host which is sitting behind the inside interface as well.
More info would be useful, like a topology Visio.
1. You need to enable communication between hosts connected to the same interface.
2. If your PC and stream server are behind different interfaces, then the interfaces should have the same security level, and you should enable communication between interfaces with the same security level. Or create an ACL with the right permit statement.
01-07-2014 07:37 PM
Both devices (Server and AP) are connected to the inside vlan with the ASA doing DHCP. Communication is fine on the LAN side. I can change the server address on my phone to the inside address for the server and it works.
Syslog is showing:
6 | Jan 07 2014 | 19:36:10 | 110002 | 192.168.2.232 | 33871 | Failed to locate egress interface for TCP from inside:192.168.2.232/33871 to OU.TS.ID.E/4040 |
01-07-2014 07:46 PM
Do you want to access the stream server via outside ip when you are connected to inside?
01-07-2014 07:54 PM
Exactly - so a mobile device can be mobile without having to change configuration.
01-07-2014 08:18 PM
Can you access the device with a PC, so we can run a sniffer trace on the PC when it works and compare what port and protocol is used? It would also be a good idea to check the logs and captures that can be run on the ASA when you set up the server behind the ASA with NAT; that way we can check when your phone is trying to connect to the server with the phone's source address through logs and captures.
Value our effort and rate the assistance!
01-07-2014 08:29 PM
Well, I can tell you it's on TCP 4040. When I access on the LAN I'm just using http://192.168.2.238:4040. Nothing special there. Looking at the syslog from my traffic headed to the public address, it's getting NATted. That's why I'm thinking I need to hairpin the traffic.
TCP 4040 from 192.168.2.0/24 headed to myoutsideIP needs to be redirected to 192.168.2.238:4040.
01-07-2014 08:36 PM
All you need to do is configure an object for the external IP address that you have on the ASA and then configure the U-turn:
If you think that is the case, configure the following:
object network External_IP
 host External_IP
nat (inside,inside) source dynamic any interface destination static External_IP SubSonic
same-security-traffic permit intra-interface
Value our effort and rate the assistance!
01-07-2014 08:57 PM
Thank You Sir! I was damn close a couple times, but was getting messed up on the nat statement.
The commands I used:
object network SubSonicLAN
 host OUTSIDEIP
nat (inside,inside) source dynamic any interface destination static SubSonicLAN SubSonic
That made my night. I was messing with this for hours!
Thanks,
Ed
01-07-2014 09:44 PM
happy to help!!!!
Value our effort and rate the assistance!
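A narrower form of the hairpin rule from this thread, added here as an example and not posted by any participant: it limits the U-turn to LAN sources and TCP 4040 instead of `any` source on all ports, and then checks the flow that the 110002 syslog line reported. It is meant to replace the broader `any` rule, not sit behind it. The object names INSIDE_LAN and SUBSONIC_TCP are hypothetical, 203.0.113.10 is a placeholder for the ASA outside address, and the SubSonic object is the one defined in the first post.

```cisco
! Added example, not from the thread. Assumes ASA 8.3+ NAT syntax.
! INSIDE_LAN and SUBSONIC_TCP are hypothetical names;
! 203.0.113.10 is a placeholder for the real outside address.
object network INSIDE_LAN
 subnet 192.168.2.0 255.255.255.0
object network External_IP
 host 203.0.113.10
object service SUBSONIC_TCP
 service tcp destination eq 4040
!
! Destination: outside address on TCP 4040 is rewritten to the SubSonic host.
! Source: LAN clients are PATed to the inside interface address, so the
! server's replies return through the ASA instead of going straight to the
! client on the same subnet (which the client would reject as an unknown peer).
nat (inside,inside) source dynamic INSIDE_LAN interface destination static External_IP SubSonic service SUBSONIC_TCP SUBSONIC_TCP
!
! Needed for traffic to enter and leave the same interface.
same-security-traffic permit intra-interface
!
! Verification from privileged EXEC, replaying the flow seen in syslog 110002:
packet-tracer input inside tcp 192.168.2.232 33871 203.0.113.10 4040
show nat detail
show xlate
```

In the packet-tracer output, the UN-NAT and NAT phases should both name this rule and the result should be ALLOW with input and output interface `inside`; the hit counters in `show nat detail` confirm that live traffic matches it.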