10-11-2013 08:16 AM - edited 03-11-2019 07:50 PM
Hi,
I am having a real issue with some simple port forwards on a Cisco ASA 5505. I've attached my configuration and gone through loads of documents to make sure it's correct.
Whenever I test the port forward the ASDM shows it's being denied by an ACL but I cannot see how this can be the case? I've also tried a different IOS but same issue.
Any help greatly appreciated.
Thanks
Andrew
10-11-2013 09:06 AM
Hi,
This Dynamic PAT configuration is causing the problems
nat (inside,outside) source dynamic my-inside-net interface
What essentially happens is that all the traffic coming towards your "interface" IP address (even for the forwarded ports) matches this Dynamic PAT rule because it's at Section 1 (Manual NAT) while the Static PAT configurations are at Section 2 (as Auto NAT).
You can avoid it causing problems to the Static PAT by doing this
no nat (inside,outside) source dynamic my-inside-net interface
nat (inside,outside) after-auto source dynamic my-inside-net interface
Do notice this will tear down any connections that are using this translation.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni
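A small offline check for the ordering problem described in the answer above, as an added example that is not part of the original thread or any Cisco tooling: it sorts each `nat` line into its section (1 Manual NAT, 2 Auto NAT, 3 `after-auto`) and reports Section 1 dynamic interface PAT rules that sit ahead of Auto NAT port forwards on the same interface pair. The sample config, the `web-server` object, its address and its ports are constructed assumptions.

```python
import re

# Constructed sample config; only the manual "nat" line comes from the thread.
SAMPLE_CONFIG = """\
object network my-inside-net
 subnet 192.168.1.0 255.255.255.0
object network web-server
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 80 80
nat (inside,outside) source dynamic my-inside-net interface
"""
NAT_RE = re.compile(r"^(\s*)nat \((\S+?),(\S+?)\) (.*)$")

def classify_nat(config):
    """Return (section, real_if, mapped_if, rule_text) for every nat line."""
    rules = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue
        indent, real_if, mapped_if, rest = m.groups()
        if indent:                            # nested under "object network"
            section = 2                       # Auto NAT
        elif rest.startswith("after-auto "):
            section = 3                       # Manual NAT placed after Auto NAT
        else:
            section = 1                       # Manual NAT, evaluated first
        rules.append((section, real_if, mapped_if, line.strip()))
    return rules

def shadowed_port_forwards(config):
    """Pair each Section 1 dynamic PAT to 'interface' with the Section 2
    static PATs to 'interface' defined for the same interface pair."""
    rules = classify_nat(config)
    findings = []
    for sec, rif, mif, text in rules:
        if sec != 1 or not re.search(r"\bsource dynamic \S+ interface\b", text):
            continue
        for sec2, rif2, mif2, text2 in rules:
            if sec2 == 2 and (rif2, mif2) == (rif, mif) and " static interface" in text2:
                findings.append((text, text2))
    return findings

def apply_fix(config):
    """Rewrite Section 1 dynamic interface PAT rules as after-auto (Section 3)."""
    return re.sub(r"(?m)^(nat \(\S+\) )(source dynamic \S+ interface)[ \t]*$",
                  r"\1after-auto \2", config)
```

`apply_fix` only rewrites the text of a saved config; on the device the change is made with the `no nat ...` and `nat ... after-auto ...` commands from the answer.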
10-12-2013 03:38 AM
Thank you so much
Fixed it. Saving this for future reference
10-12-2013 06:24 AM
Hi,
With regards to NAT operation and configurations you can also have a look at a document I made.
Plan on adding to it when I get the time/energy.
The document can be found here on the CSC
https://supportforums.cisco.com/docs/DOC-31116
- Jouni