06-03-2008 09:28 AM - edited 03-03-2019 10:12 PM
I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.
I need to forward ports 1008 - 1009, 1018, and 2000 to 172.29.194.28 on my internal network (my ASA is at 172.29.194.14) and using the packet tracer it looks like the "nat (inside) 1 0.0.0.0 0.0.0.0" rule is dropping those packets.
I've attached my configuration, any suggestions?
Thanks,
Steve
06-03-2008 09:59 AM
Does your application use static source ports too?
access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009
The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands:
logging enable
logging buffer-size 16000
logging buffered debugging
You can then review the log with show log.
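Added example, not part of the original thread: a small Python check that parses ASA extended ACEs and flags permit entries that also match on the source port, which is the issue pointed out in the reply above. The function names and the simplified ACE grammar are assumptions, and the third sample line is constructed for contrast.

```python
# Added example: flag ASA extended ACEs that restrict the *source* port.
# Simplified grammar (assumption):
#   access-list NAME extended ACTION PROTO SRC [PORT-OP] DST [PORT-OP]
ADDR_LEN = {"any": 1, "host": 2}   # any other form is "<ip> <mask>" (2 tokens)
PORT_LEN = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}

def _take(tok, i, n):
    # Return n tokens starting at i, or None if the line is truncated.
    if i + n <= len(tok):
        return " ".join(tok[i:i + n]), i + n
    return None, len(tok)

def _addr(tok, i):
    return _take(tok, i, ADDR_LEN.get(tok[i], 2)) if i < len(tok) else (None, i)

def _port(tok, i):
    # A port operator is optional; when absent, consume nothing.
    if i < len(tok) and tok[i] in PORT_LEN:
        return _take(tok, i, PORT_LEN[tok[i]])
    return None, i

def parse_ace(line):
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended"
            or tok[4] not in ("tcp", "udp")):
        return None
    src, i = _addr(tok, 5)
    sport, i = _port(tok, i)   # operator right after the source = source port
    dst, i = _addr(tok, i)
    dport, i = _port(tok, i)   # operator after the destination = dest port
    return {"acl": tok[1], "action": tok[3], "proto": tok[4],
            "src": src, "src_port": sport, "dst": dst, "dst_port": dport}

def source_port_matches(config):
    aces = (parse_ace(line.strip()) for line in config.splitlines())
    return [a for a in aces if a and a["action"] == "permit" and a["src_port"]]

# First two lines are the ACEs quoted in the thread; the third is constructed.
SAMPLE = """\
access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit tcp any host 172.29.194.28 eq 2000
"""

if __name__ == "__main__":
    for ace in source_port_matches(SAMPLE):
        print(f"{ace['acl']}: {ace['proto']} permit also requires source port "
              f"'{ace['src_port']}' (destination port '{ace['dst_port']}')")
```
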
06-03-2008 10:08 AM
As far as I know, since the NetGear router was just configured to forward those ports to 172.29.194.28 and everything was working fine. I'll try enabling logging and see what else I can find out.
Thanks,
Steve
06-03-2008 10:11 AM
OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.