Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
530
Views
0
Helpful
3
Replies

Need NAT and Access List Setup Help

Go to solution
Lance Lingerfelt
Level 1
Level 1

‎08-28-2015 06:00 PM - edited ‎03-11-2019 11:30 PM

Good Evening,

             I have been going crazy trying to get this working. I have a subnet of external IPs 1xx.xx.xx.104 255.255.255.248.

Services as follows:

Cable Modem Router is .105.

ASA 5505 .106

WWW/FTP .107

Exchange SMTP/EWS .108

ADFS .110

Internal Web/FTP 192.168.1.218

Internal Exchange: 192.168.1.225

ADFS in DMZ: 192.168.30.50

Internal ADFS: 192.168.1.50

VLANs work internally. I can get out to the internet just fine. I just cannot access any of my servers from external devices. I've tried looking at the logs and I cannot decipher them

I have attached my config for review. I cannot get to the Exchange Server OWA. SMTP does not work. Cannot get to the IIS web page either. All from external sources. I need ADFS in the DMZ to be the proxy and have access to the Internal ADFS Server. I figure it is NAT and/or my access lists that are not configured properly.

 

PLEASE HELP!!!!

Thanks,

Lance the Novice

Labels:
Preview file
19 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Bradfield
Level 6
Level 6

‎08-28-2015 07:04 PM

Lance,

the only thing  I can see in the config that doesn't look quite right are your service objects. FTP for example

 

object service FTP
 service tcp source eq ftp destination eq ftp
 description Protocol for FTP

You have both the source and destination ports eq FTP

If you are connecting to the ftp server then the destination port is FTP, but the source can be anything.

 

I would change your service objects just to have the destination set as below

object service FTP
 service tcp  destination eq ftp
 description Protocol for FTP

 

HTH

Richard.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Richard Bradfield
Level 6
Level 6

‎08-28-2015 07:04 PM

Lance,

the only thing  I can see in the config that doesn't look quite right are your service objects. FTP for example

 

object service FTP
 service tcp source eq ftp destination eq ftp
 description Protocol for FTP

You have both the source and destination ports eq FTP

If you are connecting to the ftp server then the destination port is FTP, but the source can be anything.

 

I would change your service objects just to have the destination set as below

object service FTP
 service tcp  destination eq ftp
 description Protocol for FTP

 

HTH

Richard.

0 Helpful

Go to solution
Lance Lingerfelt
Level 1
Level 1
In response to Richard Bradfield

‎08-28-2015 07:36 PM

HTH,

I changed those like you said and still no luck.

I can ping 106 (address of the asa), but cannot ping any of the other IPs in the range except the Cable Router .105

I'm really about to give up on this. Hopefully my support contract # will come in soon and I can get TAC on it.

Thanks for your help. I appreciate any help I can get at this point.

 

Lance 

 

0 Helpful

Go to solution
Lance Lingerfelt
Level 1
Level 1
In response to Richard Bradfield

‎08-28-2015 08:17 PM

UPDATE UPDATE UPDATE

When the cable company installed the modem, they did not set it to bridge across the IP range. Once I told the cable router to bridge the WAN addresses, everything started working!

 

Thanks again for all your help. I am leaving those statements that you told me to put in there. 

WOOHOO!

Lance

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card