12-11-2014 10:16 AM - edited 03-11-2019 10:13 PM
Hi,
I have a Cisco 5512 ASA with version 8.6(1)2. I have one IP NVR for IP cameras.
Please help me: how do I configure port forwarding on the Cisco ASA in the CLI?
I have a static IP on the ASA, 94.56.178.222, and the NVR IP is 10.192.192.100.
Thank you so much.
12-14-2014 04:25 AM
Hi Rizwan,
Just to confirm the requirement:
1. What is the IP on the outside interface?
2. What is the port and IP of the NVR cam?
3. What is the mapped IP and port?
4. What is the packet-tracer command which you are entering to test the config?
12-14-2014 06:48 AM
Hi Rishabh,
Sorry, I was just hiding the real IP address due to a client restriction. :-(
Here is the reply with the real IP; please help to resolve it.
Outside IP: 94.56.178.102
NVR IP: 10.171.192.10, HTTP port: 8814, TCP port: 5000, RTSP port: 554
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 94.56.178.102 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffa2969000, priority=0, domain=permit, deny=true
hits=17629, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=OUTSIDE, output_ifc=any
Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Thank you so much
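Added example, not part of the original posts: a short Python script that reads packet-tracer text like the output above and reports which phase dropped the packet and whether any NAT rule untranslated the destination. The function names and the abridged sample are constructed for illustration; it assumes the usual ASA behaviour that a matched inbound static NAT appears as an `UN-NAT` phase and that `NP Identity Ifc` marks traffic addressed to the firewall itself.

```python
# Constructed sample: abridged from the packet-tracer output posted above.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
in 94.56.178.102 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Result:
input-interface: OUTSIDE
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
FIELDS = {"Type", "Result", "output-interface", "Action", "Drop-reason"}

def parse_trace(text):
    """Return (phases, summary) parsed from 'packet-tracer' text output."""
    phases, summary, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "Phase" and value.isdigit():
            current = {"phase": int(value)}
            phases.append(current)
        elif current is None:
            continue
        elif line == "Implicit Rule":
            current["implicit"] = True
        elif key == "Result" and sep and not value:
            current = summary  # a bare "Result:" line opens the final summary
        elif sep and key in FIELDS:
            current[key] = value
    return phases, summary

def diagnose(text):
    """List what the trace says about why the inbound flow failed."""
    phases, summary = parse_trace(text)
    findings = []
    if not any(p.get("Type") == "UN-NAT" for p in phases):
        findings.append("no UN-NAT phase: no NAT rule matched this destination and port")
    if summary.get("output-interface") == "NP Identity Ifc":
        findings.append("egress is NP Identity Ifc: packet handled as traffic to the ASA itself")
    for p in phases:
        if p.get("Result") == "DROP" and p.get("implicit"):
            findings.append(f"phase {p['phase']} ({p['Type']}): implicit deny, no explicit permit matched")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```

Run against the sample, it reports all three conditions, which points at the NAT rule match and the outside ACL as the two things to check before retesting.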
12-14-2014 07:45 AM
Refer to this article:
https://rowell.dionicio.net/configuring-nat-for-a-public-server-using-same-outside-interface/
12-14-2014 05:41 PM
You can try this:
NVR IP: 10.171.192.10, HTTP port: 8814, TCP port: 5000, RTSP port: 554
object network NVR_IP
 host 10.171.192.10
object service NVR-8814
 service tcp destination eq 8814
object service NVR-5000
 service tcp destination eq 5000
object service NVR-554
 service tcp destination eq 554
nat (inside,outside) source static NVR_IP interface service NVR-8814 NVR-8814
nat (inside,outside) source static NVR_IP interface service NVR-5000 NVR-5000
nat (inside,outside) source static NVR_IP interface service NVR-554 NVR-554
12-14-2014 10:52 PM
Sir,
No luck. It's not working.
Now I changed the HTTP port to 54321 to test, but both HTTP ports (8814 & 54321) are not accessible. Locally (LAN) I access the NVR with http://10.171.192.10:54321 and it's fine on the LAN.
Any advice?
12-14-2014 11:12 PM
There is a possibility that you have manual NAT before these object NAT statements.
Try to put those statements after object NAT and check.
To place the manual NAT after object NAT, use the "after-source" command in the manual NAT config.
12-15-2014 01:18 AM
nat (INSIDE,OUTSIDE) after-auto source static NVR_IP interface service NVR-5000 NVR-5000
nat (INSIDE,OUTSIDE) after-auto source static NVR_IP interface service NVR-554 NVR-554
nat (INSIDE,OUTSIDE) after-auto source static NVR_IP interface service NVR-54321 NVR-54321
clear xlate
I put in these commands but it didn't work. :-(
12-15-2014 01:27 AM
Put these on top and check:
nat (inside,outside) source static NVR_IP interface service NVR-8814 NVR-8814
nat (inside,outside) source static NVR_IP interface service NVR-5000 NVR-5000
nat (inside,outside) source static NVR_IP interface service NVR-554 NVR-554
12-15-2014 02:04 AM
Hi,
I put them on top with sequence numbers, and now these are on top, but it's still not working. Please note I am using port 54321 instead of 8814.
nat (inside,outside) 1 source static NVR_IP interface service NVR-8814 NVR-54321
nat (inside,outside) 2 source static NVR_IP interface service NVR-5000 NVR-5000
nat (inside,outside) 3 source static NVR_IP interface service NVR-554 NVR-554