ASA5505 Port Forwarding not Working

Jun 3rd, 2008

I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.


I need to forward ports 1008 - 1009, 1018, and 2000 to 172.29.194.28 on my internal network (my ASA is at 172.29.194.14) and using the packet tracer it looks like the "nat (inside) 1 0.0.0.0 0.0.0.0" rule is dropping those packets.


I've attached my configuration, any suggestions?


Thanks,

Steve



Collin Clark Tue, 06/03/2008 - 09:59

Does your application use static source ports too?


access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009

access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009


The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands:


logging enable

logging buffer-size 16000

logging buffered debugging


You can then review the log with show log.
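
The source-port point made in the reply above, as an added example that is not part of the original thread: a small Python parser for ASA extended ACL entries that tests an entry against a connection's source and destination ports and lists entries that constrain the source port. It assumes numeric ports and no object-groups; the `FIXED` entry and the client source port 49152 are constructed for illustration, and whether the application really uses static source ports is still the open question in the thread.

```python
# Added example: parse ASA extended ACEs (numeric ports, no object-groups assumed).
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK'; return (addr, remaining tokens)."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return " ".join(tok[:2]), tok[2:]

def _take_port(tok):  # optional port operator; None means any port
    if tok and tok[0] in PORT_OPS:
        n = PORT_OPS[tok[0]]
        return (tok[0], [int(p) for p in tok[1:1 + n]]), tok[1 + n:]
    return None, tok

def parse_ace(line):
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("not an extended access-list entry: " + line)
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    ace["src"], rest = _take_addr(tok[5:])
    ace["sport"], rest = _take_port(rest)   # present only if a source port is given
    ace["dst"], rest = _take_addr(rest)
    ace["dport"], rest = _take_port(rest)
    return ace

def _port_ok(spec, port):
    if spec is None:
        return True
    op, v = spec
    return {"eq": port == v[0], "lt": port < v[0], "gt": port > v[0],
            "neq": port != v[0], "range": v[0] <= port <= v[-1]}[op]

def permits(ace, sport, dport):  # both port conditions must match
    return (ace["action"] == "permit" and _port_ok(ace["sport"], sport)
            and _port_ok(ace["dport"], dport))

def source_port_constrained(lines):
    """Return the entries that restrict the client's source port."""
    return [l for l in lines if parse_ace(l)["sport"] is not None]

# Entry quoted in the thread, and a constructed variant without the source range.
POSTED = "access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009"
FIXED = "access-list outside_access_in extended permit tcp any host 172.29.194.28 range 1008 1009"

if __name__ == "__main__":  # 49152: constructed ephemeral client source port
    print([permits(parse_ace(l), 49152, 1008) for l in (POSTED, FIXED)])
```

The posted entry only matches a client whose own source port is 1008 or 1009, so a connection from a typical ephemeral port falls through to the implicit deny.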



stevenhuey Tue, 06/03/2008 - 10:08

As far as I know, the NetGear router was just configured to forward those ports to 172.29.194.28 and everything was working fine. I'll try enabling logging and see what else I can find out.


Thanks,

Steve

Collin Clark Tue, 06/03/2008 - 10:11

OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.
