ASA5505 Port Forwarding not Working

Unanswered Question
Jun 3rd, 2008

I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.

I need to forward ports 1008 - 1009, 1018, and 2000 to 172.29.194.28 on my internal network (my ASA is at 172.29.194.14) and using the packet tracer it looks like the "nat (inside) 1 0.0.0.0 0.0.0.0" rule is dropping those packets.

I've attached my configuration, any suggestions?

Thanks,

Steve

Collin Clark Tue, 06/03/2008 - 09:59

Does your application use static source ports too?

access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009

access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009

The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands-

logging enable

logging buffer-size 16000

logging buffered debugging

You can then review the log with show log.
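Added example, not part of the original thread or of any Cisco tooling: a simplified Python model of how an extended ACL entry matches source and destination ports, run against the posted TCP entry and a destination-only variant. The variant, the client address 198.51.100.7 and the source port 51515 are constructed assumptions, and only `any`/`host` addresses and `eq`/`range` port operators are modeled.

```python
# Simplified model of ASA extended-ACL matching (added example).
# Entry layout: access-list NAME extended ACTION PROTO SRC [ports] DST [ports]

def _addr(tok):
    """Consume an address spec and return a predicate on an IP string."""
    if tok[0] == "any":
        del tok[:1]
        return lambda ip: True
    if tok[0] == "host":
        want = tok[1]
        del tok[:2]
        return lambda ip: ip == want
    raise ValueError("unsupported address spec: " + tok[0])

def _ports(tok):
    """Consume an optional port operator and return a predicate on a port."""
    if tok and tok[0] == "eq":
        port = int(tok[1])
        del tok[:2]
        return lambda p: p == port
    if tok and tok[0] == "range":
        lo, hi = int(tok[1]), int(tok[2])
        del tok[:3]
        return lambda p: lo <= p <= hi
    return lambda p: True  # no operator present: any port matches

def permits(line, proto, sip, sport, dip, dport):
    """True if this single entry permits the described packet."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("not an extended ACL entry")
    action, ace_proto, rest = tok[3], tok[4], tok[5:]
    src, src_port = _addr(rest), _ports(rest)  # source side is parsed first
    dst, dst_port = _addr(rest), _ports(rest)
    return (action == "permit" and proto == ace_proto and src(sip)
            and src_port(sport) and dst(dip) and dst_port(dport))

# Entry as posted in the thread: port range on BOTH source and destination.
POSTED = ("access-list outside_access_in extended permit tcp "
          "any range 1008 1009 host 172.29.194.28 range 1008 1009")
# Assumed variant for comparison: port range on the destination only.
DST_ONLY = ("access-list outside_access_in extended permit tcp "
            "any host 172.29.194.28 range 1008 1009")
# Constructed packet: outside client using an ephemeral source port.
PKT = ("tcp", "198.51.100.7", 51515, "172.29.194.28", 1008)

if __name__ == "__main__":
    print("posted entry permits packet:  ", permits(POSTED, *PKT))
    print("dst-only entry permits packet:", permits(DST_ONLY, *PKT))
```
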

stevenhuey Tue, 06/03/2008 - 10:08

As far as I know, since the NetGear router was just configured to forward those ports to 172.29.194.28 and everything was working fine. I'll try enabling logging and see what else I can find out.

Thanks,

Steve

Collin Clark Tue, 06/03/2008 - 10:11

OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.
