
How to let Plex media server pass through Cisco ASA

tater0214
Level 1

Hi all! I have an ASA 5510 at home hosting AnyConnect VPN and I have my Plex media server behind the ASA on the inside. Currently I am able to connect to my Plex but the quality is limited to 360p, which isn't ideal. On the Plex control panel it also says Plex is not accessible to the outside world. I know it's not an ISP bandwidth issue because if I connect to the VPN and watch Plex I get full res streaming. My question is how do I allow Plex traffic to just pass through the ASA completely? I am fairly new to all this so I may need a little more walkthrough than normal. Thanks!


tater0214
Level 1

Here is the config

I'm not sure about which ports need to be opened; however, as you mentioned, connecting through the VPN provides full resolution, which suggests that there are additional ports that need to be opened on the firewall. An easy way to find out which ports would be to run a packet capture on the firewall outside interface for the traffic destined to the Plex server.

Yes, I know I need to open port 32400 I'm just not sure how to do that. I've tried a couple things on my own but nothing has worked so far.

I think you just need to replace the IP in the "plexport" access list from 192.168.0.50 to 192.168.3.50. Essentially, the IP on the access list needs to be the plex server real IP.

Oh sorry! I forgot to update the config since I've made changes through more research and forums. I now have my ISP router set to bridge mode so the ASA is getting a DHCP public IP directly now to avoid double NAT-ing. I'm still having issues port forwarding, it seems, though. The updated config is posted below.

Is there any NAT rule applied to the edge router? Also, if you packet capture on the firewall outside interface, do you see any traffic destined to the plex server?

There shouldn't be any NAT going on in the router anymore. Whenever I try packet capture I get an error. Settings are: ingress interface: outside; ingress access list: plexport (32400); egress interface: inside; egress access list: plexport.

Please try the following from the CLI while you are generating some traffic from outside destined to the plex server:

capture PLEX interface outside match tcp any host 192.168.0.50 eq 32400

I have little info about this server, so:
client -> ASA -> Server -> ASA -> internet
Is this the flow of traffic?
If yes, then you need:
static NATing of the server IP to the ASA OUTside with specific port 32400
no need for an ACL since the client will use the OUTside public IP to access the Server
also you need
dynamic NATing of the Server subnet to the OUTside ASA interface

Ok so I got it. Turns out my firewall config was correct or at least functional but the issue was a Plex glitch. There's a button to manually specify the port you use. I left this unchecked because I wanted to use the default port of 32400, but just to try I checked the box and entered the port 32400 again and it worked, so I'm not sure why Plex was doing this but it shouldn't have and I'm quite frustrated with Plex right now. I will mark MHM's as solution because that was what I had to do, but my config already had that from before; hopefully it helps others.
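
The static port NAT and dynamic NAT discussed in this thread, written out as an added example (not taken from any poster's config). It assumes ASA software 8.3 or later (object NAT syntax), the server's real IP 192.168.3.50 mentioned above, a /24 inside subnet, and interfaces named inside and outside; the object names and the ACL name outside_in are hypothetical. On 8.3 and later an inbound ACL is matched against the real (post-NAT) address, so the permit entry names the server's inside IP and only TCP 32400.

```cisco
! Added example. Assumptions: ASA 8.3+, inside subnet 192.168.3.0/24,
! Plex server at 192.168.3.50, interface nameifs "inside" and "outside".
! PLEX-SERVER, INSIDE-NET and outside_in are hypothetical names.

! Static port NAT: TCP 32400 on the ASA outside interface address
! is forwarded to TCP 32400 on the Plex server.
object network PLEX-SERVER
 host 192.168.3.50
 nat (inside,outside) static interface service tcp 32400 32400

! Dynamic PAT: the inside subnet (including the server's own
! outbound connections) is translated to the outside interface address.
object network INSIDE-NET
 subnet 192.168.3.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Inbound ACL: permit only TCP 32400 to the server's real IP.
! Nothing else toward the inside is opened by this entry.
access-list outside_in extended permit tcp any object PLEX-SERVER eq 32400
access-group outside_in in interface outside

! Verification from the CLI.
! Confirm the translation rules and hit counts:
show nat detail
show xlate
! Simulate an inbound connection. 203.0.113.10 is a documentation
! address used as a constructed source; replace <ASA-outside-IP>
! with the address currently assigned to the outside interface.
packet-tracer input outside tcp 203.0.113.10 12345 <ASA-outside-IP> 32400
! Confirm hits on the permit entry after a real external connection attempt:
show access-list outside_in
```

If packet-tracer reports the flow as allowed and the ACL hit count rises during an external connection attempt, the firewall side is working and the remaining cause is on the server, as turned out to be the case in this thread.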
