10-12-2018 12:41 AM - edited 02-21-2020 08:20 AM
Hello
We're trying to implement a new Cisco ASA 5508 firewall on our site, but we're having a few issues. Currently the firewall, when plugged in, allows general internet traffic from the internal interface, but none of the internal servers which have NAT rules on them can be accessed from the outside interface. I've run a packet tracer on the ASA and traffic passes fine going external from these servers. When I do the same test in the opposite direction I get the following error.
I've also attached our current config. If anyone can help it would be much appreciated!
Kind Regards
10-12-2018 02:07 AM - edited 10-12-2018 02:08 AM
Just following on from this, I've realised that the packet tracer screenshot above should have the external IP for that particular NAT rather than the private IP address in the destination field. That being said, it still doesn't explain why the below doesn't work when trying to access the website. Any help on my config would be much appreciated. A 2nd pair of eyes to make sure everything looks set up correctly is a great help.
object network Host_LDS_SV05_Spiceworks
 nat (inside,outside) static 188.39.78.54 service tcp 9676 9676
access-list OutsideToInside extended permit tcp any host 192.168.7.5 eq 9676
Kind Regards
10-12-2018 02:16 PM
I don't see your current configuration attached to your post above.
Could you run a packet-tracer from the CLI and post the output here?
packet-tracer input outside tcp 8.8.8.8 12345 188.39.78.54 9676 detail
It is possible that the traffic is hitting another NAT statement.