06-08-2015 02:38 PM - last edited on 03-25-2019 05:56 PM by ciscomoderator
hello all-
i have a request to enable port forwarding for a camera in my Cisco ASA 5510 and them port forwarding to internal local IP addresses. from and outside address users should be able to access the camera.
I have attached my running config so you can see what I currently have.
For Example the ports I require are as follows:
Service name CAMERA_CAOUNT" this needs to allow TCP port 220000 & UDP 22000 to internal IP address 10.2.4.35 from static ip address on the outside.
this is what i have setup and its not working
object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 220000 220000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 220000
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit up any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside
any help would be greatly appreciated
thank
Solved! Go to Solution.
06-12-2015 04:49 AM
As I posted in your other question to Port Forward;
object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 220000 220000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 220000
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit up any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside
Should do you assuming you don't already have an 'inbound' access list
But you specified you wanted a static NAT NOT port forwarding so heres how to do that from public IP 123.123.123.123
access-list inbound permit tcp any host 10.2.4.35 eq 22000
access-list inbound permit tcp any host 10.2.4.35 eq 220000
access-group inbound in interface outside
object network obj-10.2.4.35
host 10.2.4.35
nat (inside,outside) static 123.123.123.123
Pete
06-08-2015 07:58 PM
Hi
It looks like you have the wrong TCP port. Port ranges go up to 65,535. You may have an extra zero in there. I'd start with that and see if it fixes your issue.
Greg
06-11-2015 02:00 PM
i just mistype the port #
06-12-2015 04:49 AM
As I posted in your other question to Port Forward;
object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 220000 220000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 220000
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit up any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside
Should do you assuming you don't already have an 'inbound' access list
But you specified you wanted a static NAT NOT port forwarding so heres how to do that from public IP 123.123.123.123
access-list inbound permit tcp any host 10.2.4.35 eq 22000
access-list inbound permit tcp any host 10.2.4.35 eq 220000
access-group inbound in interface outside
object network obj-10.2.4.35
host 10.2.4.35
nat (inside,outside) static 123.123.123.123
Pete
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide