Solved: Port Forwarding PAT always bounce back to ASDM Web Page

cisco_tester · ‎02-12-2019

Hello,

I've been working on this and could not find out why.

I have an esxi server and a web server.

I can port forward to my test webserver with no problem using:

static (inside,outside) tcp interface 8080 192.168.6.251 www netmask 255.255.255.255

But when I port forwarded my VMware esxi server it bounced to the Cisco ASDM web page:

static (inside,outside) tcp interface 8082 192.168.6.250 www netmask 255.255.255.255

Can you look at the attached file and let me know?

Thanks,

Tony

Marius Gunnerud · ‎02-12-2019

You do not have any ACL permitting the traffic towards port 8080 and 8082. Add these entries and then test.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎02-12-2019

You have the same IP for both the ESXi and the webserver...192.168.6.251

In any case, you can not NAT the exact same ports to two different internal IPs. The ASA does not have any way of differenciating this traffic. So you would need to NAT 8080 to 80 for the webserver and 8081 to 80 for the ESXi

--
Please remember to select a correct answer and rate helpful posts

cisco_tester · ‎02-12-2019

It was my typo. I did nat 8082 to the esxi server as it was in the attached file.

So regardless what port I assigned as the translated port, it's still forwarded to the Cisco ASDM webpage.

One thing I discovered was that if any of my forwarded hosts has the port 443, it will be directed to the Cisco ASDM webpage.

I tried many web servers. If a web server has a port 443, it would be bounced to the Cisco ASDM webpage.

Any solution would greatly be welcome.

Marius Gunnerud · ‎02-12-2019

You do not have any ACL permitting the traffic towards port 8080 and 8082. Add these entries and then test.

--
Please remember to select a correct answer and rate helpful posts

cisco_tester · ‎02-12-2019

Thanks. That was the answer.