Greetings,
I am trying to get two IoT devices that use ModbusTCP to communicate through an ASA 5505.
The topology is below. ** I must say that I am not an expert in firewalls and I have been educating myself reading the configuration guidelines and the terminal commands help. **
I am specifying the IoTClient to route via ip address 192.168.1.6. I don't have any Default Gateway IP address configured in any of the edge nodes.
My understanding is that traffic coming from a higher security zone (inside) to a lower security zone (outside) is allowed to pass through by default (no restrictions), so I am not configuring any ACLs for the incoming traffic from the IoTServer in the inside zone.
I can't get any traffic through. Below is the ASA running-configuration. Any tips are greatly appreciated.
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.24.10.1 255.255.255.0
!
object network IoTClient
 host 172.24.10.5
 nat (inside,outside) static 192.168.1.6
object network IoTServer
 host 192.168.1.5
!
!
access-list MDB-IN extended permit tcp host 172.24.10.5 eq 502 host 192.168.1.5 eq 502
!
!
access-group MDB-IN in interface outside
!
!
!
!
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
!
!
!
!
ciscoasa(config)#
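
An added example, not part of the original post and not Cisco code: a minimal Python model of how the posted `MDB-IN` entry is matched, where the `eq 502` that follows the source host constrains the source port and anything unmatched falls to the implicit deny. The sample flow, its port 49152 and the comparison entry are constructed, and the model assumes the Modbus client connects from an ephemeral source port, as TCP clients normally do.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny tcp SRC [eq P] DST [eq P]'."""
    tok = line.split()

    def take_endpoint(t):
        # Address part: 'host A', 'any', or 'NET MASK'
        if t[0] == "host":
            net, t = ipaddress.ip_network(t[1] + "/32"), t[2:]
        elif t[0] == "any":
            net, t = ipaddress.ip_network("0.0.0.0/0"), t[1:]
        else:
            net, t = ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]
        # Optional port part: only the 'eq N' operator is modelled here
        port = None
        if t[:1] == ["eq"]:
            port, t = int(t[1]), t[2:]
        return (net, port), t

    action, proto, rest = tok[3], tok[4], tok[5:]
    src, rest = take_endpoint(rest)
    dst, rest = take_endpoint(rest)
    return {"action": action, "proto": proto, "src": src, "dst": dst}

def side_matches(spec, ip, port):
    net, want_port = spec
    return ipaddress.ip_address(ip) in net and want_port in (None, port)

def evaluate(acl, proto, sip, sport, dip, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for ace in acl:
        if (ace["proto"] == proto and side_matches(ace["src"], sip, sport)
                and side_matches(ace["dst"], dip, dport)):
            return ace["action"]
    return "deny"

# Entry copied from the posted running-config.
POSTED = parse_ace("access-list MDB-IN extended permit tcp "
                   "host 172.24.10.5 eq 502 host 192.168.1.5 eq 502")
# Constructed variant without a source-port match, for comparison only.
NO_SRC_PORT = parse_ace("access-list MDB-IN extended permit tcp "
                        "host 172.24.10.5 host 192.168.1.5 eq 502")
# Constructed flow: client SYN to the server's port 502 from port 49152.
SYN = ("tcp", "172.24.10.5", 49152, "192.168.1.5", 502)

def verdicts():
    return evaluate([POSTED], *SYN), evaluate([NO_SRC_PORT], *SYN)

if __name__ == "__main__":
    print(verdicts())
```

On the ASA itself, `packet-tracer` with the same five values reports which phase drops the flow.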