Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
3
Replies

Port forwards not working : ASA 5505 8.42

Go to solution
Andrew Battersby
Level 1
Level 1

‎10-11-2013 08:16 AM - edited ‎03-11-2019 07:50 PM

HI,

I am having a real issue with some simple port forwards on a Cisco ASA 5505. I've attached my configuration and gone through loads of documents to make sure it's correct.

Whenever I test the port forward the ASDM shows it's being denied by an ACL but I cannot see how this can be the case? I've also tried a different IOS but same issue.

Any help greatly appreciated.


Thanks


Andrew

Labels:
15368992-portforwards.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎10-11-2013 09:06 AM

Hi,

This Dynamic PAT configuration is causing the problems

nat (inside,outside) source dynamic my-inside-net interface

What essentially happens is that all the traffic coming towards your "interface" IP address (even for the forwarded ports) match this Dynamic PAT rule because its at Section 1 (Manual NAT) while the Static PAT configurations are at Section 2 (as Auto NAT)

You can avoid it causing problems to the Static PAT by doing this

no nat (inside,outside) source dynamic my-inside-net interface

nat (inside,outside) after-auto source dynamic my-inside-net interface

Do notice this will teardown any connections that is using this translation.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎10-11-2013 09:06 AM

Hi,

This Dynamic PAT configuration is causing the problems

nat (inside,outside) source dynamic my-inside-net interface

What essentially happens is that all the traffic coming towards your "interface" IP address (even for the forwarded ports) match this Dynamic PAT rule because its at Section 1 (Manual NAT) while the Static PAT configurations are at Section 2 (as Auto NAT)

You can avoid it causing problems to the Static PAT by doing this

no nat (inside,outside) source dynamic my-inside-net interface

nat (inside,outside) after-auto source dynamic my-inside-net interface

Do notice this will teardown any connections that is using this translation.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

0 Helpful

Go to solution
Andrew Battersby
Level 1
Level 1
In response to Jouni Forss

‎10-12-2013 03:38 AM

Thank you so much

Fixed it. Saving this for future reference

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Andrew Battersby

‎10-12-2013 06:24 AM

Hi,

With regards to NAT operation and configurations you can also have a look at a document I made.

Plan on adding to it when I got the time/energy

The document can be found here on the CSC

https://supportforums.cisco.com/docs/DOC-31116

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card