04-21-2017 01:56 AM - edited 03-12-2019 02:14 AM
Hi,
I'm trying to do port forwarding on Cisco ASA 9.6(1) but for some reason it keeps failing for me. I would like to map port 3000 of host 172.16.0.10 to port 80 of the outside interface of ASA.
Here is what I've done so far:
object network obj_172.16.0.10
 nat (internet-dmz,outside) static interface service tcp 3000 www
object network obj_172.16.0.10
 host 172.16.0.10
access-list outside_access_in extended permit tcp any object obj_172.16.0.10 eq www
access-list outside_access_in extended permit tcp any object obj_172.16.0.10 eq 3000
access-group outside_access_in in interface outside
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
interface GigabitEthernet1/4
 nameif internet-dmz
 security-level 5
 ip address 172.16.0.1 255.255.255.0
When I test access to it from the outside world, I get the following syslog message ID 710003 saying that access was denied:
TCP access denied by ACL from A.B.C.D/1024 to outside:W.X.Y.Z/80
show xlate on the ASA shows this:
TCP PAT from internet-dmz:172.16.0.10 3000-3000 to outside:W.X.Y.Z 80-80
This used to be a piece of cake for me up until ASA version 7.x. But now I don't know why this is getting denied. Any suggestions will be much appreciated.
Thanks,
Pankaj