
ASA5505 Port Forwarding not Working

stevenhuey
Level 1

I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.

I need to forward ports 1008 - 1009, 1018, and 2000 to 172.29.194.28 on my internal network (my ASA is at 172.29.194.14) and using the packet tracer it looks like the "nat (inside) 1 0.0.0.0 0.0.0.0" rule is dropping those packets.

I've attached my configuration. Any suggestions?

Thanks,

Steve

3 Replies

Collin Clark
VIP Alumni

Does your application use static source ports too?

access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009

access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009

The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands:

logging enable

logging buffer-size 16000

logging buffered debugging

You can then review the log with show log.
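
An added example, not part of the original thread and not a Cisco tool: a small Python check that parses ASA extended ACL entries and reports the permit rules that constrain the source port, as the two entries quoted in the reply above do. It assumes only the `any`, `host A` and `A MASK` address forms and the `eq`/`lt`/`gt`/`neq`/`range` port operators (object-groups are not handled); the function names and the third sample line are constructed for illustration.

```python
# Added example: flag ASA extended ACL entries that restrict the source port.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

# First two lines are the entries quoted in the thread; the third is constructed.
SAMPLE = """\
access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit tcp any host 172.29.194.28 eq 2000
"""

def _take_addr(tok, i):
    """Consume an address spec: 'any', 'host A' or 'A MASK'."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return tok[i] + " " + tok[i + 1], i + 2

def _take_ports(tok, i):
    """Consume an optional port operator; None means no port restriction."""
    if i < len(tok) and tok[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:end]), end
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC [ports] DST [ports]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    try:
        ace["src"], i = _take_addr(tok, 5)
        ace["src_ports"], i = _take_ports(tok, i)  # sits between source and destination
        ace["dst"], i = _take_addr(tok, i)
        ace["dst_ports"], i = _take_ports(tok, i)
    except IndexError:
        return None  # truncated entry
    return ace

def source_port_findings(config):
    """Return (proto, src_ports, dst, dst_ports) for permits that pin the source port."""
    findings = []
    for line in config.splitlines():
        ace = parse_ace(line)
        if ace and ace["action"] == "permit" and ace["proto"] in ("tcp", "udp") and ace["src_ports"]:
            findings.append((ace["proto"], ace["src_ports"], ace["dst"], ace["dst_ports"]))
    return findings

if __name__ == "__main__":
    for proto, sport, dst, dport in source_port_findings(SAMPLE):
        print(f"{proto}: source ports limited to '{sport}' for {dst} ({dport})")
```
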

As far as I know, since the NetGear router was just configured to forward those ports to 172.29.194.28 and everything was working fine. I'll try enabling logging and see what else I can find out.

Thanks,

Steve

OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.
