ASA5505 Port Forwarding not Working

Jun 3rd, 2008

I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.

I need to forward ports 1008 - 1009, 1018, and 2000 to on my internal network (my ASA is at and using the packet tracer it looks like the "nat (inside) 1" rule is dropping those packets.

I've attached my configuration, any suggestions?



Collin Clark Tue, 06/03/2008 - 09:59

Does your application use static source ports too?

access-list outside_access_in extended permit tcp any range 1008 1009 host range 1008 1009

access-list outside_access_in extended permit udp any range 1008 1009 host range 1008 1009

The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands:

logging enable

logging buffer-size 16000

logging buffered debugging

You can then review the log with show log.

stevenhuey Tue, 06/03/2008 - 10:08

As far as I know, since the NetGear router was just configured to forward those ports to and everything was working fine. I'll try enabling logging and see what else I can find out.



Collin Clark Tue, 06/03/2008 - 10:11

OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.

