cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3376
Views
4
Helpful
16
Replies
Beginner

ASA5505 & Cisco Router 3825 - Double NAT w/ Port Forward

Did you get this resolved. I think I have a simular problem in that I have an internal webserver that tries to send its responses to the original external source address rather than the LAN address of our ASA. Because we dont have any default routes on our core switches though the packets are just dropped rather than sent to the internal LAN of the ASA.

ASA5505 & Cisco Router 3825 - Double NAT w/ Port Forward

I have double NAT running and working great, here is pretty much my running config from my Router 2821 and ASA 5505.

My setup.

ISP ----> 2821 -----> ASA5505 ------> FTP Server

CISCO ROUTER 2821;            Gi0/0 (ISP)        Gi0/1 (10.10.10.1)

interface GigabitEthernet0/1

description LAN-Internal

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex full

speed 100

ip nat inside source static tcp 192.168.1.6 21 interface GigabitEthernet0/0 21

S     192.168.1.0/24 [1/0] via 10.10.10.5

CiSCO ASA 5505 (routed mode)        (eth0/0) 10.10.10.5    (eth0/1) 192.168.1.1

(eth0/1)

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

(eth0/0)

interface Vlan11

description OutsideConnection

nameif outside

security-level 0

ip address 10.10.10.5 255.255.255.0

object network FTPSERVER

host 192.168.1.6

access-list outside_access_in extended permit tcp any object FTPSERVER eq ftp log debugging

object network FTP

nat (inside,outside) static FTPSERVER service tcp ftp ftp

CISCO 2960 Layer 2 only with several Vlans

FTP SERVER

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards