Than you for your Answer!

I have created an application and use 8080 port, when customers request the application not shown and gives the message "The server refused the connection".

But the application from the server if it works, so I think you should allow port 8080 to customers.

I tried whit:

object network SERVER_8080
host 192.168.10.100
nat (inside,outside) static interface service tcp 8080 8080

I hope to be explicit

Hi David,

The above mentioned configuration will translate the traffic destined to your ASA's public IP and tcp/8080 to 192.168.10.100/8080.

As you are facing issues with connectivity, so you check following:

1.acl to permit traffic to 192.168.10.10/8080.

2. Run packet tracer and see if there is any drop.

command: packet input outside tcp src-ip src-port Asa-ip 8080 detail

3. If you do not see any issues in the packet tracer then try to capture traffic on Asa so that you can narrow down the issue.

command:

cap capi interface inside match tcp any host 192.168.10.100 eq 8080

cap capo interface outside match tcp any host <Asa-ip> eq 8080

to view :

show cap capi ; show cap capo

to remove captures :

no cap capi ; no cap capo

If you see traffic reaching ASA's outside and translated traffic leaving the inside interface then check if server is replying back or just refusing the connection.

Also check if the serve is configured to listen on port 8080.

Share your findings.

Thanks,

R.S.

Hello,

I still can not

I tried to replicate the configuration that I have to port 80 but still without success.

It is this:

WEB-SERVER network object
10.30.30.30 host
WEB-SERVER network object
nat (DMZ, outside) tcp static interface service 8080 8080

IP 10.30.30.30 Is ip DMZ

Hi,

The error page that throws error opens up while accessing the website on port 8080? If yes, then I think there is no issue with the nat configuration.

Also run packet tracer to see how ASA is processing traffic:

packet input outside tcp <source-ip> <src-port> <Asa-ip> 8080 det

Share your findings.

Thanks,

RS