
ASA5506 v9.8(2) : PAT with BVI 'works' BUT NAT 'fails'

mikedeyoung
Level 1

So I did my due diligence and reviewed previous posts but did not find any previous discussion on this topic. I did read https://community.cisco.com/t5/firewalls/asa-5505-to-5506-replacement-using-the-5506-with-bridged/td-p/3075889 which was helpful.

 

So I've got the new BVI config I'm using now in the hopes of simulating switchports on the 5506 like we used to have on the 5505. PAT is working fine... everybody is getting out on to the Internet.

 

PROBLEM: The VOIP PBX vendor wants access to the inside PBX (port-forward TCP 35300 -> 443). Below is my config...

 

object network INSIDE_PANASONIC_PBX
 host 192.168.x.200

object service INSIDE_TCP_443
 service tcp source eq https

object service OUTSIDE_TCP_35300
 service tcp source eq 35300

nat (inside_2,ISP1) source static INSIDE_PANASONIC_PBX interface service INSIDE_TCP_443 OUTSIDE_TCP_35300
nat (inside_3,ISP1) source static INSIDE_PANASONIC_PBX interface service INSIDE_TCP_443 OUTSIDE_TCP_35300

access-list OUTSIDE_ACCESS_IN extended permit tcp any object INSIDE_PANASONIC_PBX eq https

 

This config seems to be failing. I can telnet directly to the PBX on its inside IP and port and it works fine, so I know it's not the PBX.

 

If I enable a PCAP on the WAN interface, I see traffic reaching the Firewall.

 

What do I seem to be doing wrong?

 

 
