03-04-2021 05:45 AM - edited 03-04-2021 05:48 AM
Hello everybody. Could someone help me with this running-config? I would like to do port-forwarding with my AS5506W. My private server is on 10.10.30.2.
Find below my running-config on the ASA. I have done everything that is in the running-config but it is still not working. I know I have some repeated NAT and ACL. Can you tell me what is wrong?
03-04-2021 12:17 PM - edited 03-04-2021 12:18 PM
I followed this tutorial for ASDM: https://www.youtube.com/watch?v=cKnAiiUgsgg
It works well.
In running-configuration:
object network NAS-host
host 10.10.50.2
object service NAS-service
service tcp source eq 4480
nat (INT-WIFI-PERSONNEL,outside) source static NAS-host interface service any NAS-service
access-list outside_access_in extended permit tcp any object NAS-host eq 4480
access-group outside_access_in in interface outside
Thank you very much for your help.
Regards,
03-04-2021 06:23 AM
Is your intention to port-forward only specific ports, or any? (Your config requires a lot of cleanup. Why is there a BVI interface, and inside_X interfaces?)
Here is the syntax you have; adding the host should work:
object network NAS-TEST
host 10.10.30.2
nat (INT-NAS,outside) static interface service tcp 4480 4480
If not, post:
#show run access-group
03-04-2021 06:40 AM
Only a specific port: 4480.
03-04-2021 07:54 AM
The above should work; try and advise.
If it is not working, post the packet trace output.
03-04-2021 09:10 AM - edited 03-04-2021 09:13 AM
!
object network NAS-TEST
host 10.10.30.2
nat (INT-NAS,outside) static interface
!
access-list OUTSIDE_IN extended permit tcp any object NAS-TEST eq 4480
access-group OUTSIDE_IN in interface outside
!
Basically, you are missing the access-list from the outside interface. Do a packet tracer; it will work now.
03-04-2021 10:19 AM
OK. I have this in my configuration:
access-list outside_access_in extended permit ip any any
access-group outside_access_in in interface outside
Is it not enough as permission?
03-04-2021 10:39 AM
access-list outside_access_in extended permit ip any any
access-group outside_access_in in interface outside
Do not use "permit ip any any" on the outside, as your network will be at security risk.
no access-list outside_access_in permit ip any any
access-list outside_access_in extended permit tcp any host 10.10.30.2
access-group outside_access_in in interface outside
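An added example, not part of the thread or any poster's configuration: a small Python check that finds ACLs bound inbound on the outside interface and flags permit entries that are `permit ip any any` or that allow TCP/UDP with no port match. The sample config is constructed from lines quoted in the thread; the function name `audit_inbound` and the labels `any-any` and `no-port` are hypothetical.

```python
import re

# Constructed sample config, assembled from lines quoted in this thread.
SAMPLE_CONFIG = """\
object network NAS-TEST
 host 10.10.30.2
 nat (INT-NAS,outside) static interface service tcp 4480 4480
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host 10.10.30.2
access-list outside_access_in extended permit tcp any object NAS-TEST eq 4480
access-group outside_access_in in interface outside
"""

ACE = re.compile(r"^access-list (\S+) extended permit (\S+) (.+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
# Assumption: only inline port operators are recognised; service
# object-groups and service objects are not handled by this check.
PORT_OPS = {"eq", "range", "lt", "gt", "neq"}


def audit_inbound(config, interface="outside"):
    """Return (label, line) findings for permit ACEs applied inbound on interface."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL names bound inbound to the interface via access-group.
    bound = set()
    for line in lines:
        m = GROUP.match(line)
        if m and m.group(2) == interface:
            bound.add(m.group(1))
    findings = []
    for line in lines:
        m = ACE.match(line)
        if not m or m.group(1) not in bound:
            continue
        proto, rest = m.group(2), m.group(3).split()
        if proto == "ip" and rest[:2] == ["any", "any"]:
            findings.append(("any-any", line))   # every protocol, every host
        elif proto in ("tcp", "udp") and not PORT_OPS & set(rest):
            findings.append(("no-port", line))   # all ports of that protocol
    return findings


if __name__ == "__main__":
    for label, line in audit_inbound(SAMPLE_CONFIG):
        print(f"{label:8} {line}")
```

Only the entry that ends in `eq 4480` passes without a finding, which matches the single-port forward the original poster asked for.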
03-04-2021 09:44 AM
object network NAS-TEST <- delete this
nat (INT-NAS,outside) static interface service tcp 4480 4480
nat (INT-NAS,outside) static IP service tcp 4480 4480 <- add this
Please make the change as above.