portforward on asa 5505

rfosterdingley · ‎06-25-2009

Hello, i have a problem setting up portforwarding on a asa 5505

I want to get tcp port 2051 on the outside to be forwarded to 192.168.6.10 on the inside and i have the following config:

ASA Version 7.2(4)

interface Vlan1

nameif inside

security-level 100

ip address 192.168.6.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 195.81.121.246 255.255.255.252

!

interface Ethernet0/0

switchport access vlan 2

!

access-list inside_nat0_outbound extended permit ip any any

access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 any

access-list outside_access_in extended permit ip any interface outside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 2051 192.168.6.10 2051 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 195.81.121.245 1

dhcpd auto_config outside

!

dhcpd address 192.168.6.90-192.168.6.99 inside

dhcpd dns 192.168.6.1 interface inside

dhcpd enable inside

!

It seems that is constantly blocked by an ACL but i can't figure out the right config, could you give me some input?

dcambron · ‎06-25-2009

static (INSIDE,OUTSIDE) tcp interface 2051 192.168.6.10 2051

no access-list outside_access_in extended permit ip any interface outside

access-list outside_access_in extended permit tcp any host 195.81.121.246 eq 2051

access-group outside_access_in in interface OUTSIDE

let meknow if it works

ciscoadminist · ‎07-22-2009

static (INSIDE,OUTSIDE) tcp interface 2051 192.168.6.10 2051

no access-list outside_access_in extended permit ip any interface outside

access-list outside_access_in extended permit tcp any host 195.81.121.246 eq 2051

access-list outside_access_in extended permit ip any any

access-group outside_access_in in interface OUTSIDE

tray that's, it's work for me.

Good luck

alexojeda · ‎07-16-2009

down the security level at Vlan1

from 100 to a low.

example: 90

dcambron · ‎07-17-2009

WHY??