Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
5
Helpful
9
Replies

Issue allowing outside traffic to my internal media server.

Go to solution
Stevan44
Level 1
Level 1

‎01-07-2022 02:17 PM

I need some help trying to allow outside Plex traffic to connect to my internal Plex media server.

Plex uses tcp 32400 port and I want it talk with my MS 144.244.0.1 which is on the inside). I keep getting this error:

 

%ASA-7-710005: {TCP|UDP} request discarded from
source_address/source_port to interface_name:dest_address/service
The ASA does not have a UDP server that services the UDP request. 

 

I have the following configured:


object network Mark's_Plex
host 144.244.244.195
description Mark's Plex Media Player

 

object service 32400_TCP_Plex
service tcp source eq 32400 destination eq 32400
description For Plex


access-list outside_access_in extended permit tcp interface outside object Mark's_Plex eq 32400 log

 

nat (inside,outside) source static any any destination static Mark's_Plex Mark's_Plex service 32400_TCP_Plex 32400_TCP_Plex description For Outside access to Plex Media Server

 

access-group outside_access_in in interface outside

 

I need fresh set of eye to spot the issue. I believe its the access-list, but i can't see the problem.Thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-08-2022 12:20 AM 

The ASA does not have a UDP server that services the UDP request.

is the service running TCP or UDP on the media server:

 

Try below :

 

object network Mark's_Plex
host 144.244.244.195
description Mark's Plex Media Player

object service 32400_out
service tcp source eq 32400
object service 32400_in
service tcp source eq 32400

nat (inside,outside)source static Mark's_Plex interface service 32400_in 32400_out

access-list outside_access_in extended permit tcp any object Mark's_Plex eq 32400_in log

 

try packet tracer from ASA :

 

packet-tracer input outside tcp 8.8.8.8 1025 external-IP of outside 32400 detailed

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful

Go to solution
Stevan44
Level 1
Level 1
In response to paul driver

‎01-09-2022 07:43 PM

Hi Paul,

I used Balaji example below and it fixed my issue. Thanks for chiming in

 

 

object network Mark's_Plex
host 144.244.244.195
description Mark's Plex Media Player

 

object service 32400_out
service tcp source eq 32400
object service 32400_in
service tcp source eq 32400

 

nat (inside,outside)source static Mark's_Plex interface service 32400_in 32400_out

 

access-list outside_access_in extended permit tcp any object Mark's_Plex eq 32400

 

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Stevan44
Level 1
Level 1

‎01-07-2022 09:38 PM

I'm I in the right forum, no one has any ideals o fixing this issue?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-08-2022 12:20 AM 

The ASA does not have a UDP server that services the UDP request.

is the service running TCP or UDP on the media server:

 

Try below :

 

object network Mark's_Plex
host 144.244.244.195
description Mark's Plex Media Player

object service 32400_out
service tcp source eq 32400
object service 32400_in
service tcp source eq 32400

nat (inside,outside)source static Mark's_Plex interface service 32400_in 32400_out

access-list outside_access_in extended permit tcp any object Mark's_Plex eq 32400_in log

 

try packet tracer from ASA :

 

packet-tracer input outside tcp 8.8.8.8 1025 external-IP of outside 32400 detailed

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Stevan44
Level 1
Level 1
In response to balaji.bandi

‎01-08-2022 09:13 AM

Thanks Balaji,

 

Sorry I click on the solved by accident. I'm able to add the first two commands but it errors out on these commands:

 

nat (inside,outside)source static Mark's_Plex interface service 32400_in 32400_out

 

access-list outside_access_in extended permit tcp any object Mark's_Plex eq 32400_in log

 

It does not like eq 32499_in or 32400_out. Not sure if my version of ASA will take _out or _in. Also I've move the Plex server to the DMZ so nat (inside,outside) will change to nat (dmz1, outside).

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Stevan44

‎01-08-2022 09:31 AM

@Stevan44 Is 144.244.244.195 and 144.244.0.1 your actual real public IP addresses?

 

You've said 144.244.0.1 is your MS and your NAT rule and ACL reference an object with an IP address of 144.244.244.195. The ACL needs to reference the real ip address not the translated address.

0 Helpful

Go to solution
Stevan44
Level 1
Level 1
In response to Stevan44

‎01-08-2022 09:36 AM

I got the nat rule added it was my fault created a new object and deleted the old one. I was trying to use the old one in your example and it was giving me an error.

 

But I can add access-list outside_access_in extended permit tcp any object MarksPlex eq 32400_in log, but I can do access-list outside_access_in extended permit tcp any object MarksPlex eq 32400 log

 

But at any rate this fixed the issue Thanks.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Stevan44

‎01-08-2022 09:47 AM

Post the config after changes are done, what error you getting, like to see the error , also give us more information.

 

what ASA Model and what ASA Code running for to assist right syntax.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-09-2022 12:27 PM

Hello

@Stevan44 wrote:

I need some help trying to allow outside Plex traffic to connect to my internal Plex media server.

Plex uses tcp 32400 port and I want it talk with my MS 144.244.0.1 which is on the inside)

 

If you dont need to translate the tcp port then you apply identity nat to that port so it doesnt get translated, the following should static pat on that particualr inside host to the asa outside wan interface on tcp 32400.

object network Mark's_Plex
host 144.244.244.195
nat(inside,outside) static interface service tcp 32400 32400


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Stevan44
Level 1
Level 1
In response to paul driver

‎01-09-2022 07:43 PM

Hi Paul,

I used Balaji example below and it fixed my issue. Thanks for chiming in

 

 

object network Mark's_Plex
host 144.244.244.195
description Mark's Plex Media Player

 

object service 32400_out
service tcp source eq 32400
object service 32400_in
service tcp source eq 32400

 

nat (inside,outside)source static Mark's_Plex interface service 32400_in 32400_out

 

access-list outside_access_in extended permit tcp any object Mark's_Plex eq 32400

 

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Stevan44

‎01-10-2022 12:15 AM

Hello

no worries i’m glad @balaji.bandi suggestion worked.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card