06-03-2008 09:28 AM - edited 03-03-2019 10:12 PM
I'm trying to replace a basic SOHO NetGear DSL router with an ASA5505 so I can eventually connect remotely using the Cisco VPN client. However, I'm first having a port forwarding problem.
I need to forward ports 1008 - 1009, 1018, and 2000 to 172.29.194.28 on my internal network (my ASA is at 172.29.194.14) and using the packet tracer it looks like the "nat (inside) 1 0.0.0.0 0.0.0.0" rule is dropping those packets.
I've attached my configuration, any suggestions?
Thanks,
Steve
06-03-2008 09:59 AM
Does your application use static source ports too?
access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009
The above ACL believes that the source port is 1008-1009 as well as the destination port. Other than that, it all looks OK. You can turn on logging with the following commands:
logging enable
logging buffer-size 16000
logging buffered debugging
You can then review the log with show log.
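The source-port point in the reply above, as an added example that is not part of the original posts: a small Python check that parses ASA extended access-list entries and reports those that also require a specific source port. It assumes only the `any`, `host A` and `A MASK` address forms (no object-groups); the function names and the third sample line are constructed for illustration.

```python
# Added example: flag ASA extended ACEs that constrain the SOURCE port.
# Handles only 'any', 'host A' and 'A MASK' addresses (no object-groups).
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count


def _take_addr(tok, i):
    """Consume an address spec starting at tok[i]; return (text, next index)."""
    if tok[i] in ("any", "any4", "any6"):
        return tok[i], i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]} {tok[i + 1]}", i + 2  # network followed by mask


def _take_port(tok, i):
    """Consume an optional port operator; return (None, i) when absent."""
    if i < len(tok) and tok[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:end]), end
    return None, i


def parse_ace(line):
    """Split 'access-list NAME extended ACTION PROTO SRC [SPORT] DST [DPORT]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError(f"not an extended ACE: {line!r}")
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    ace["src"], i = _take_addr(tok, 5)
    ace["sport"], i = _take_port(tok, i)
    ace["dst"], i = _take_addr(tok, i)
    ace["dport"], i = _take_port(tok, i)
    return ace


def source_port_findings(config):
    """Return TCP/UDP ACEs whose match also requires a specific source port."""
    lines = [l.strip() for l in config.splitlines()]
    aces = [parse_ace(l) for l in lines
            if l.startswith("access-list ") and " extended " in l]
    return [a for a in aces if a["proto"] in ("tcp", "udp") and a["sport"]]


# First two lines are from the thread; the third is constructed for contrast.
SAMPLE = """\
access-list outside_access_in extended permit tcp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit udp any range 1008 1009 host 172.29.194.28 range 1008 1009
access-list outside_access_in extended permit tcp any host 172.29.194.28 eq 2000
"""
```

Running `source_port_findings(SAMPLE)` returns the two entries quoted in the thread and skips the constructed one, which matches on destination port only.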
06-03-2008 10:08 AM
As far as I know, since the NetGear router was just configured to forward those ports to 172.29.194.28 and everything was working fine. I'll try enabling logging and see what else I can find out.
Thanks,
Steve
06-03-2008 10:11 AM
OK. If you enable logging, then try and access your application, then do a show log and post the results, we should be able to help pinpoint the problem.