03-04-2021 05:45 AM - edited 03-04-2021 05:48 AM
Hello everybody. Could someone help me with this running-config? I would like to do port-forwarding with my AS5506W. My private server is on 10.10.30.2.
Find below my running-config on the ASA. I have done all that is in the running-config, but it is still not working. I know I have some repeated NAT and ACL. Can you tell me what is wrong?
03-04-2021 06:23 AM
Is your intention to port-forward only specific ports, or any? (Your config requires a lot of cleanup. Why is there a BVI interface, and inside_X interfaces?)
Here is the syntax you have; adding the host should work:
object network NAS-TEST
host 10.10.30.2
nat (INT-NAS,outside) static interface service tcp 4480 4480
If not, post:
#show run access-group
03-04-2021 06:40 AM
Only on a specific port: 4480.
03-04-2021 07:54 AM
The above should work; try and advise.
If it is not working, post the packet trace output.
03-04-2021 09:10 AM - edited 03-04-2021 09:13 AM
!
object network NAS-TEST
host 10.10.30.2
nat (INT-NAS,outside) static interface
!
access-list OUTSIDE_IN extended permit tcp any object NAS-TEST eq 4480
access-group OUTSIDE_IN in interface outside
!
Basically, you are missing the access-list on the outside interface. Do a packet tracer; it will work now.
03-04-2021 10:19 AM
OK. I have this in my configuration:
access-list outside_access_in extended permit ip any any
access-group outside_access_in in interface outside
Is it not enough as permission?
03-04-2021 10:39 AM
access-list outside_access_in extended permit ip any any
access-group outside_access_in in interface outside
Do not use "permit ip any any" on outside, as your network will be at security risk.
no access-list outside_access_in permit ip any any
access-list outside_access_in extended permit tcp any host 10.10.30.2
access-group outside_access_in in interface outside
03-04-2021 09:44 AM
object network NAS-TEST<- delete this
nat (INT-NAS,outside) static interface service tcp 4480 4480
nat (INT-NAS,outside) static IP service tcp 4480 4480<- add this
Please make the change as above.
03-04-2021 12:17 PM - edited 03-04-2021 12:18 PM
I followed this tutorial for ASDM: https://www.youtube.com/watch?v=cKnAiiUgsgg
It works well.
In the running-configuration:
object network NAS-host
host 10.10.50.2
object service NAS-service
service tcp source eq 4480
nat (INT-WIFI-PERSONNEL,outside) source static NAS-host interface service any NAS-service
access-list outside_access_in extended permit tcp any object NAS-host eq 4480
access-group outside_access_in in interface outside
Thank you very much for your help.
Regards,