04-24-2015 10:17 AM - edited 03-11-2019 10:50 PM
ASA Version 8.2(5)
I am having issues getting some NAT'ing and port forwarding to work on my ASA5505. I think I am just missing something small, as I have 5520s with the same type of configs that work fine.
First I have a global NAT so inside resources have internet access:
global (outside) 1 interface
Then I need to port forward port 2222 from the outside FW interface to a specific 10.0.0.x address
static (inside,onside) tcp interface 2222 10.0.0.x 2222 netmask 255.255.255.255
I then have an access rule allowing outside traffic to 10.0.0.x
access-list outside_access_in extended permit ip any host 10.0.0.x
I am sure I am just missing something small. I have been through about 100 different NAT and access rule combinations trying to get it to work.
Thanks,
Dustin
04-24-2015 10:30 AM
Yes, on 8.2.5 you have to specify the mapped IP address in the access-list:
access-list outside_access_in extended permit ip any host 10.0.0.x   /// wrong
access-list outside_access_in extended permit ip any host <outside interface IP>   /// correct
04-24-2015 10:41 AM
I tried this change and it did not fix the issue.
04-24-2015 10:52 AM
After changing the config, take captures and see why it is not working:
cap capo interface outside match ip host <ip of test machine> host <interface IP>
cap capi interface inside match ip host <ip of test machine> host <server's inside IP address>
05-01-2015 05:44 AM
I now have this working. Essentially set config to default and started over. Not sure what I did differently the second time around, but it is now working.
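For reference, the pieces a port forward like the one discussed in this thread needs on pre-8.3 ASA software, followed by checks that show where a connection is being dropped. This is an added example, not any poster's configuration; the catch-all `nat (inside) 1` statement, the ACL narrowed to TCP 2222, and all angle-bracket placeholders are assumptions.

```cisco
! Added example for ASA 8.2(x) syntax. Placeholders in <> must be replaced.

! Outbound PAT for inside hosts (assumed catch-all inside range)
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

! Static PAT: outside interface TCP 2222 -> inside server TCP 2222
static (inside,outside) tcp interface 2222 <server's inside IP address> 2222 netmask 255.255.255.255

! Pre-8.3 ACLs match the mapped (outside) address, not the real inside one.
! Permit only the forwarded port instead of "ip any host ...", so no other
! service is exposed if further statics are added later.
access-list outside_access_in extended permit tcp any interface outside eq 2222

! The ACL has no effect until it is bound to the interface
access-group outside_access_in in interface outside

! --- Verification ---
! Confirm the ACL is bound and watch its hit counter while testing
show run access-group
show access-list outside_access_in

! Confirm the static translation exists
show xlate

! Simulate the inbound connection and see which phase drops it
packet-tracer input outside tcp <ip of test machine> 1025 <outside interface IP> 2222 detailed

! Read the captures defined earlier in the thread
show capture capo
show capture capi
```

If `capo` shows the SYN arriving and `capi` shows nothing, the drop is on the ASA itself (ACL or NAT); if both show the SYN but no reply, the problem is on the server or its return route.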