Configure ASA to work with Iomega Personal Cloud

jay
Level 1

We have an Iomega StorCenter NAS and I am trying to get the NAS setup with the Personal Cloud.  I need to configure the ASA to forward port 50500 to the NAS (192.168.1.25).  I have made changes (in bold) to allow this but it still is not working.  Below is the show run of our ASA.  Any help would be greatly appreciated.  Thanks!

WTCI-ASA# show run
: Saved
:
ASA Version 8.0(3)
!
hostname WTCI-ASA
domain-name WTCI.local
enable password XXXXXXXXXXXX encrypted
names
!
interface Vlan1
description to outside interface
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan10
description to inside VLAN
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
description Cable Modem connection to Armstrong
!
interface Ethernet0/1
switchport access vlan 10
!
passwd XXXXXXXXXXXXX encrypted
ftp mode passive
clock timezone EST -5
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name WTCI.local
object-group icmp-type DefaultICMP
description Default ICMP Types Permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit tcp any interface outside eq 50500
access-list acl_outside extended permit tcp any interface outside eq 50599
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool vpnpool 192.168.2.1-192.168.2.255
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp interface 50500 192.168.1.25 50500 netmask 255.255.255.255
static (inside,outside) tcp interface 50599 192.168.1.25 50599 netmask 255.255.255.255
access-group acl_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set strong-des esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set strong-des
crypto map WTCI 65535 ipsec-isakmp dynamic dynmap
crypto map WTCI interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 11
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
vpn-addr-assign local reuse-delay 5
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 24.154.1.38 24.154.1.68
dhcpd lease 691200
dhcpd ping_timeout 750
dhcpd domain WTCI.local
dhcpd auto_config outside
!
dhcpd address 192.168.1.30-192.168.1.59 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
group-policy WTCI internal
group-policy WTCI attributes
vpn-idle-timeout 120
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_SplitTunnel
username XXXX password XXXXXX encrypted privilege 1
username XXXX password XXXXXX encrypted privilege 15
username XXXX password XXXXXX encrypted privilege 15
tunnel-group WTCI-VPN type remote-access
tunnel-group WTCI-VPN general-attributes
address-pool vpnpool
default-group-policy WTCI
tunnel-group WTCI-VPN ipsec-attributes
pre-shared-key XXXXXXXX
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:XXXXXXXXXXX
: end

1 Reply

Jouni Forss
VIP Alumni

Hi,

Have you checked if the "outside" ACL is getting hitcounts?

Could also be useful to check the logs through ASDM monitoring and see what happens when you attempt the connection.

The NAT configurations seem correct to me.

Have you tried to test the connections by briefly allowing all traffic from outside? (Since the only place people could connect to is the forwarded ports.) Have you tried to add the current DHCP IP of "outside" to the ACL and see if it makes any difference?

If no configuration change makes a difference I would suggest using the ASDM monitoring to take logs of what happens.

You could also use the "packet-tracer" command.

Format is

packet-tracer input outside tcp

And copy/paste the output here.

- Jouni
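The two things worth checking here, that the `static (inside,outside) tcp interface` rules and the `acl_outside` entries line up, and whether the relevant ACEs are actually getting hitcounts as the reply suggests, can be automated over pasted CLI output. The script below is an added example and not part of the original thread or of any Cisco tool: it parses the forwarding-related lines of the posted `show run` (copied from the question) and a constructed sample of `show access-list acl_outside` output whose `hitcnt` values are invented to illustrate both outcomes. The function names and the three verdict labels are this example's own.

```python
"""Audit ASA 8.0-style static PAT port forwards against the inbound ACL and its hitcounts."""
import re

# Forwarding-related lines copied from the posted "show run".
RUNNING_CONFIG = """\
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit tcp any interface outside eq 50500
access-list acl_outside extended permit tcp any interface outside eq 50599
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp interface 50500 192.168.1.25 50500 netmask 255.255.255.255
static (inside,outside) tcp interface 50599 192.168.1.25 50599 netmask 255.255.255.255
access-group acl_outside in interface outside
"""

# Constructed sample of "show access-list acl_outside" output; hitcnt values and
# hashes are invented so that one forwarded port shows hits and the other none.
SHOW_ACCESS_LIST = """\
access-list acl_outside; 5 elements; name hash: 0x12345678
access-list acl_outside line 1 extended permit icmp any any object-group DefaultICMP 0xaaaaaaaa
  access-list acl_outside line 1 extended permit icmp any any echo-reply (hitcnt=12) 0xbbbbbbbb
access-list acl_outside line 2 extended permit tcp any interface outside eq 50500 (hitcnt=0) 0xeeeeeeee
access-list acl_outside line 3 extended permit tcp any interface outside eq 50599 (hitcnt=7) 0xffffffff
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\w+),(?P<mapped_if>\w+)\) tcp interface "
    r"(?P<mapped_port>\d+) (?P<real_ip>[\d.]+) (?P<real_port>\d+)\b")
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) extended permit tcp "
    r"(?P<src>any|host \S+|[\d.]+ [\d.]+) interface (?P<dst_if>\w+) eq (?P<port>\d+)\b")
GROUP_RE = re.compile(r"^access-group (?P<acl>\S+) in interface (?P<iface>\w+)")
HIT_RE = re.compile(r"interface (?P<iface>\w+) eq (?P<port>\d+) \(hitcnt=(?P<hits>\d+)\)")


def inbound_acl(config, iface="outside"):
    """Return the name of the ACL applied inbound on `iface`, or None."""
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if m and m.group("iface") == iface:
            return m.group("acl")
    return None


def audit_forwards(config, iface="outside"):
    """Map each mapped port of a 'static (x,iface) tcp interface' rule to its
    real target and to the source permitted by the inbound ACL (None = no ACE)."""
    acl = inbound_acl(config, iface)
    permits, statics = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m and m.group("acl") == acl and m.group("dst_if") == iface:
            permits[int(m.group("port"))] = m.group("src")
        m = STATIC_RE.match(line)
        if m and m.group("mapped_if") == iface:
            statics[int(m.group("mapped_port"))] = (m.group("real_ip"), int(m.group("real_port")))
    return {port: {"real": real, "src": permits.get(port)} for port, real in statics.items()}


def hitcounts(show_output, acl, iface="outside"):
    """Parse 'show access-list' output into {mapped port: hitcnt} for ACEs of `acl`."""
    hits = {}
    for raw in show_output.splitlines():
        line = raw.strip()
        m = HIT_RE.search(line)
        if line.startswith(f"access-list {acl} ") and m and m.group("iface") == iface:
            hits[int(m.group("port"))] = int(m.group("hits"))
    return hits


def diagnose(config, show_output, iface="outside"):
    """Classify each forwarded port as 'no-ace', 'no-hits' or 'hits'."""
    hits = hitcounts(show_output, inbound_acl(config, iface), iface)
    verdicts = {}
    for port, info in audit_forwards(config, iface).items():
        if info["src"] is None:
            verdicts[port] = "no-ace"    # ACL never permits the mapped port: fix the ACL
        elif hits.get(port, 0) == 0:
            verdicts[port] = "no-hits"   # nothing reaches the ACE: look upstream (public IP, ISP, client)
        else:
            verdicts[port] = "hits"      # ACL passes it: look at xlate/NAT and the NAS itself
    return verdicts


if __name__ == "__main__":
    for port, info in audit_forwards(RUNNING_CONFIG).items():
        print(f"outside:{port} -> {info['real'][0]}:{info['real'][1]}  permitted from: {info['src']}")
    for port, verdict in diagnose(RUNNING_CONFIG, SHOW_ACCESS_LIST).items():
        print(f"port {port}: {verdict}")
```

A "no-hits" verdict means the packets never reached the ACE, so the problem is before the ASA (the cable modem, the client, or the public address being tested); "hits" means the ACL is not the blocker and the next places to look are `show xlate` and the NAS. Two caveats: this matches the `interface outside` keyword form, which is the right choice when the outside address comes from DHCP, and it assumes ASA 8.0-8.2 semantics, where the inbound ACL matches the mapped address. From 8.3 onward the ACL matches the real (inside) address, so the ACE would name 192.168.1.25 rather than the interface and this check would need adjusting.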
