cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1822
Views
0
Helpful
8
Replies

ASA port forwarding not working. Help ?

Diogene
Level 1
Level 1

Hello everybody. Could someone help me with this running-config. I would like to do port-forwarding with my AS5506W. My private server is on 10.10.30.2.

 

Find below my running-config on ASA. I have done all that is the running-config but it is still not working. I know I have some repeated NAT and ACL. Can you tell me what is wrong ?

1 Accepted Solution

Accepted Solutions

Diogene
Level 1
Level 1

I followed this tutorial for ASDM : https://www.youtube.com/watch?v=cKnAiiUgsgg

 

It works well.

 

In running-configuration :

 

object network NAS-host
 host 10.10.50.2
object service NAS-service
 service tcp source eq 4480
nat (INT-WIFI-PERSONNEL,outside) source static NAS-host interface service any NAS-service
access-list outside_access_in extended permit tcp any object NAS-host eq 4480
access-group outside_access_in in interface outside

Thank you very much for your help.

 

Regards,

View solution in original post

8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

Your intention to port-forward only specific ports or any ? ( your config required lot of cleanup, why there is BVI Interface ? and inside_X interfaces)

 

here is the syntax you have - add host should work,

 

object network NAS-TEST

host 10.10.30.2
nat (INT-NAS,outside) static interface service tcp 4480 4480

 

if not post

 

#show run access-group

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

 

Only in specific port : 4480.

above should work, try and advise

 

if not working post packet trace output.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

 

 

!
object network NAS-TEST
 host 10.10.30.2
 nat (INT-NAS,outside) static interface
!
access-list OUTSIDE_IN extended permit tcp any object NAS-TEST eq 4480
access-group OUTSIDE_IN in interface outside
!

basically, you missing the access-list from outsider interface. do a packet tracer it will work now.

please do not forget to rate.

OK. I have this in my configuration :

 

access-list outside_access_in extended permit ip any any 
access-group outside_access_in in interface outside

It's not enouth as permission ?

 

 

access-list outside_access_in extended permit ip any any 
access-group outside_access_in in interface outside

do not use "permit ip any any" at outside as your network will be at secuirty risk.

 

no access-list outside_access_in permit ip any any

access-list outside_access_in extended permit tcp any host 10.10.30.2

access-group outside_access_in in interface outside

 

please do not forget to rate.

object network NAS-TEST<- delete this

 nat (INT-NAS,outside) static interface service tcp 4480 4480 

 


nat (INT-NAS,outside) static IP  service tcp 4480 4480<- add this

please make change as above.

Diogene
Level 1
Level 1

I followed this tutorial for ASDM : https://www.youtube.com/watch?v=cKnAiiUgsgg

 

It works well.

 

In running-configuration :

 

object network NAS-host
 host 10.10.50.2
object service NAS-service
 service tcp source eq 4480
nat (INT-WIFI-PERSONNEL,outside) source static NAS-host interface service any NAS-service
access-list outside_access_in extended permit tcp any object NAS-host eq 4480
access-group outside_access_in in interface outside

Thank you very much for your help.

 

Regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: