cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1425
Views
5
Helpful
4
Replies

FIOS ActionTec to ASA 5506-X Double NAT (port redirects)

Mike-
Beginner
Beginner

Hi, curious if it is possible to double NAT this home network setup.

Setup is FIOS ActionTec router with public IP natting to the 192.168.1.0/24 network.

The ASA outside interface receives IP(192.168.1.2) via DHCP from the actiontec.

 

I have no problem port forwarding from actiontec to the ASA's outside interface for ssh/asdm connectivity.

However I cannot port forward from the ASA outside to the ASA inside interface to websrv.

Is this possible? If so any help would be greatly appreciated.

 

 

1 Accepted Solution

Accepted Solutions

show run nat would be good too. Having said that:

Line 1 is odd. You have source static any, but I believe it should be an object that represents the inside address of your web server listening on port 80
1 (inside) to (outside) source static any interface service HTTP HTTP
Line 2 looks good. Port 443 inbound to the outside of the ASA should be working.
Lines 5 and 6 should be deleted.

Can you also share the object definition for the service object named HTTPS?

George

View solution in original post

4 Replies 4

gbekmezi-DD
Contributor
Contributor
Double NAT shouldn’t be a problem if I understand your scenario. How do you know the traffic is arriving at the ASA? What does your ASA NAT configuration look like?

My websrv(laptop) can access the internet ping google.com download updates etc..

and my second zone that is used for wireless access to the internet works both in and out.

Im trying to port forward 80 and 443 from outside to (inside)SERVER1

There's no auto-nat configured.  - SERVER1 is connected to the inside interface

securebox# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static any interface service HTTP HTTP
translate_hits = 27, untranslate_hits = 117
2 (inside) to (outside) source static SERVER1 interface service HTTPS HTTPS
translate_hits = 1, untranslate_hits = 235
3 (pc) to (outside) source dynamic obj_172.17.0.0 interface
translate_hits = 417, untranslate_hits = 0
4 (pc) to (outside) source dynamic obj_10.10.0.0 interface
translate_hits = 5567, untranslate_hits = 2
5 (inside) to (outside) source static SERVER1 interface
translate_hits = 115, untranslate_hits = 0
6 (outside) to (inside) source static WAN SERVER1 service HTTP HTTP
translate_hits = 0, untranslate_hits = 0

 

show run nat would be good too. Having said that:

Line 1 is odd. You have source static any, but I believe it should be an object that represents the inside address of your web server listening on port 80
1 (inside) to (outside) source static any interface service HTTP HTTP
Line 2 looks good. Port 443 inbound to the outside of the ASA should be working.
Lines 5 and 6 should be deleted.

Can you also share the object definition for the service object named HTTPS?

George

Superb - That fixed it, it was the nat statement

securebox(config)# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static SERVER1 interface service HTTP HTTP
translate_hits = 1, untranslate_hits = 1
2 (inside) to (outside) source static SERVER1 interface service HTTPS HTTPS
translate_hits = 1, untranslate_hits = 235
3 (pc) to (outside) source dynamic obj_172.17.0.0 interface
translate_hits = 422, untranslate_hits = 0
4 (pc) to (outside) source dynamic obj_10.10.0.0 interface
translate_hits = 5573, untranslate_hits = 2

securebox(config)# show run object in-line
object network obj_172.17.0.0 subnet 172.17.0.0 255.255.255.0
object service HTTP service tcp source eq www
object network SERVER1 host 172.17.1.1
object service HTTPS service tcp source eq https
object network obj_10.10.0.0 subnet 10.10.0.0 255.255.255.0
object service SSH service tcp source eq ssh
object service SSH2222 service tcp source eq 2222

,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers