01-20-2021 06:21 PM
I want to configure port forwarding on the ASA so users can register their smartphones, wherever they are, on the company PBX. I did the configs as below, but the softphone is not registering.
Can you please help me?
ASA Version 9.6(1)
!
interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address 200.0.0.158 255.255.255.240
!
interface GigabitEthernet1/3
nameif DMZ
security-level 50
ip address 10.1.0.1 255.255.255.0
!
interface GigabitEthernet1/5
nameif Inside
security-level 100
ip address 192.168.0252 255.255.255.0
!
object network INSIDE_NET
subnet 192.168.00 255.255.255.0
object network PABX_10.1.0.2
host 10.1.0.2
object service UDP_15757
service udp source eq 15757
object service UDP_5060
service udp source eq sip
object service RANGE_16000-17023
service udp source range 16000 17023
object service RANGE_17024-18047
service udp source range 17024 18047
object network GLOBAL_200.0.0.157
host 200.0.0.157
object-group service PABX_SERVICES
service-object object UDP_15757
service-object object UDP_5060
service-object object RANGE_16000-17023
service-object object RANGE_17024-18047
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any eq 15767
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any eq sip
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any range 16000 17023
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any range 17024 18047
!
nat (DMZ,Outside) source static PABX_10.1.0.2 GLOBAL_200.0.0.157 service any UDP_15757
nat (DMZ,Outside) source static PABX_10.1.0.2 GLOBAL_200.0.0.157 service any UDP_5060
nat (DMZ,Outside) source static PABX_10.1.0.2 GLOBAL_200.0.0.157 service any RANGE_16000-17023
nat (DMZ,Outside) source static PABX_10.1.0.2 GLOBAL_200.0.0.157 service any RANGE_17024-18047
route Outside 0.0.0.0 0.0.0.0 200.0.0.145 1
route Inside 10.143.0.0 255.255.0.0 192.168.02 1
Capturing inbound packets on the Outside interface, I get the message: "udp 665 Drop-reason: (acl-drop) Flow is denied by configured rule"
Thanks in advance
01-21-2021 12:06 AM
01-21-2021 07:16 AM
Hi Mohammed,
My ACL statement was there, but with no hits. I applied an ACL "udp any to any service XXX" and also performed adjustments on NAT as per your recommendation. Now it is working fine. Thank you.
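An added example, not part of the original thread: a small Python check that compares the UDP ports permitted by the access-list lines with the ports defined in the `object service` entries used by the NAT rules, run over lines copied from the posted configuration. It compares port numbers only and does not model ACL direction or interface binding; the function names `port`, `port_span` and `audit` are hypothetical.

```python
import re

# Sample input: object-service and ACL lines copied from the configuration posted above.
CONFIG = """\
object service UDP_15757
 service udp source eq 15757
object service UDP_5060
 service udp source eq sip
object service RANGE_16000-17023
 service udp source range 16000 17023
object service RANGE_17024-18047
 service udp source range 17024 18047
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any eq 15767
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any eq sip
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any range 16000 17023
access-list PABX_ACL extended permit udp object PABX_10.1.0.2 any range 17024 18047
"""

NAMED_PORTS = {"sip": 5060}  # only the named port this config uses
PORT_SPEC = re.compile(r"\b(eq|range)\s+(\S+)(?:\s+(\S+))?\s*$")

def port(tok):
    """Resolve a named or numeric port token to an integer."""
    return NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)

def port_span(line):
    """Return (low, high) for a trailing 'eq N' or 'range A B', else None."""
    m = PORT_SPEC.search(line)
    if not m:
        return None
    if m.group(1) == "eq":
        return (port(m.group(2)), port(m.group(2)))
    return (port(m.group(2)), port(m.group(3)))

def audit(config):
    """List ACL entries whose UDP ports fall outside every service object."""
    lines = [l.strip() for l in config.splitlines()]
    nat_spans = [port_span(l) for l in lines if l.startswith("service udp")]
    nat_spans = [s for s in nat_spans if s]
    findings = []
    for l in lines:
        if not (l.startswith("access-list") and " udp " in l):
            continue
        span = port_span(l)
        if span and not any(lo <= span[0] and span[1] <= hi for lo, hi in nat_spans):
            findings.append((span, l))
    return findings

if __name__ == "__main__":
    for span, line in audit(CONFIG):
        print("ACL port(s) %d-%d not in any service object: %s" % (span + (line,)))
```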