Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
2
Replies

Nat ASA 5506-X

abaku
Level 1
Level 1

‎12-16-2021 11:28 PM

compliments of the season Cisco community.

I want to grant permission (CLI) to any client outside, to access a tcp service on server within my LAN with IP 10.30.0.3

I entered the instructions below but still can't access the service from outside. please can someone tell me what's wrong.

 

# object network outside_to_inside

# host 10.30.0.3

# nat (inside,outside) static interface service tcp 80 80

# access-list outsideToInside permit tcp any host 10.30.0.3 eq 80

# access-group outsideToInside in interface outside

 

 

please can someone help?

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎12-17-2021 12:02 AM

@abaku the configuration seems ok. Can you run packet-tracer from the CLI and provide the output. Example:- "packet-tracer input outside tcp 8.8.8.8 3000 <your outside interface ip> 80"

0 Helpful

johnlloyd_13
Level 9
Level 9

‎12-17-2021 07:55 PM

hi,

 

NAT config looks fine. are you sure your server uses TCP port 80 to provide CLI access?

is ASA able to ping10.30.0.3? ensure there's a route configured for 10.30.x.x and server IP settings, port/service are correct.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card