Setup ASA 5505 Access or NAT Rules to Inside Server/IP Cam

siriussystems · ‎10-26-2012

I'm having trouble setting up the correct rules on an ASA 5505 I'm using in my home office. I have a couple of IP Cams I need to access remotely.

I've tried setting up simple NAT(PAT) and/or Access Rules, but it hasn't worked. I have a single dynamic IP for the Outside interface. Call it 77.76.88.10 and I am using PAT. The CAM is setup to connect on port 80, but could be configured if necessary. I've tried setting up NAT Rules using ASDM as follows:

Match Criteria: Original Packet

Source Intf = outside

Dest Intf = inside

Source = any

Destination = CAM (which was defined as 192.168.xx.xx)

Service = Cam Service Obj which was defined as a TCP service on Destination Port/Range = 80, Source Port/Range = 14140 (a unique port to use from Internet)

Action: Translated Packet

Source = Inside (P)

Destination = --Original--

Service = --Original--

What am I missing? I'm afraid to use CLI only because I am not confident I'll know how to remove changes if I make a mistake.

Julio Carvajal · ‎10-26-2012

Hello.

Please share show run Nat?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

siriussystems · ‎10-27-2012

Here is show run nat

SiriusASA(config)# show run nat
nat (outside,inside) source dynamic any interface destination static LVNGCAM LVNGCAM service 13130-80 13130-80
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface

Do I need to creat Access Rules as well?