
Setting up device in DMZ (SlingBox)

SPERTWCISCO
Level 1

Hello,

For those who are not familiar with what a SlingBox is, it basically streams an analog or digital video source over TCP/IP. It is a pretty cool device and it will also stream the video over the internet. http://ca.slingmedia.com/go/slingbox-prohd

The software client to view the SlingBox has a major issue. It requires that the computer and the slingbox device be located within the same network. Basically, the software client needs to automatically detect the slingbox, and there is no way to manually tell the software client where the slingbox is located (say, if I place the slingbox in a different network).

That being said, I tried to put my slingbox in the DMZ of my ASA5505 base license. I set up static NAT as follows:

object network NAS1

host 10.2.1.10   <-----------slingbox

object network NAS1

nat (dmz,inside) static 192.168.1.15   <--------my computer

Note: I am using ASA 8.3.

My computer IP is 192.168.1.8 and when I launch the software client, it is unable to detect my slingbox in the DMZ....   Any clue how to get this going? Keep in mind I only have the base license for my ASA5505, so I can't initiate traffic from DMZ to inside and I am not sure if that is a requirement for the slingbox....

And I don't really want to put my slingbox in the inside zone, as the slingbox requires an external internet connection initiated from the outside!

I tried getting support from the slingbox manufacturer; they have never seen anyone trying to do this, hence, useless...

Please help!

Here is my config:

: Saved

:

ASA Version 8.3(1)

!

hostname xxxxxxxx

enable password xxxxxxxxxxx encrypted

passwd xxxxxxxxxxxxxxxxxx encrypted

names

!

interface Vlan200

nameif outside

security-level 0

ip address dhcp setroute

!

interface Vlan500

no forward interface Vlan800

nameif dmz

security-level 50

ip address 10.2.1.1 255.255.255.0

!

interface Vlan800

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 200

!

interface Ethernet0/1

switchport access vlan 500

switchport protected

!

interface Ethernet0/2

switchport access vlan 500

switchport protected

!

interface Ethernet0/3

switchport access vlan 800

!

interface Ethernet0/4

switchport access vlan 800

!

interface Ethernet0/5

switchport access vlan 800

switchport protected

!

interface Ethernet0/6

switchport access vlan 800

!

interface Ethernet0/7

switchport access vlan 500

switchport protected

!

boot system disk0:/asa831-k8.bin

ftp mode passive

clock timezone xxxxx

object network NAS1

host 10.2.1.10

object network Internet_Access

subnet 0.0.0.0 0.0.0.0

object network Internet_Access2

subnet 0.0.0.0 0.0.0.0

object-group service SlingBox tcp

port-object eq 5001

access-list outside_access_in extended deny ip any any

access-list dmz_access_in extended deny ip any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu dmz 1500

mtu inside 1500

ipv6 access-list inside_access_ipv6_in deny ip any any

ipv6 access-list dmz_access_ipv6_in deny ip any any

ipv6 access-list outside_access_ipv6_in deny ip any any

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-631.bin

no asdm history enable

arp timeout 14400

!

object network NAS1

nat (dmz,inside) static 192.168.1.15

object network Internet_Access

nat (inside,outside) dynamic interface

object network Internet_Access2

nat (dmz,outside) dynamic interface

access-group outside_access_in in interface outside

access-group outside_access_ipv6_in in interface outside

access-group dmz_access_in in interface dmz

access-group dmz_access_ipv6_in in interface dmz

access-group inside_access_in in interface inside

access-group inside_access_ipv6_in in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 inside

ssh timeout 30

ssh version 2

console timeout 0

dhcpd auto_config outside

!

dhcpd address 10.2.1.8-10.2.1.12 dmz

dhcpd dns {ISP DNS1} {ISP DNS2} interface dmz

dhcpd enable dmz

!

dhcpd address 192.168.1.8-192.168.1.15 inside

dhcpd dns {ISP DNS1} {ISP DNS2} interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username xxxxxx password xxxxxxxxxxxxx encrypted

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxx

: end

4 Replies

Jennifer Halim
Cisco Employee

I assume you meant to say "sling box NATed ip address" instead of "my computer" on the following:

object network NAS1

host 10.2.1.10   <-----------slingbox

object network NAS1

nat (dmz,inside) static 192.168.1.15   <--------my computer

If the assumption is correct, here is what I believe you are trying to achieve:

Your PC, where the slingbox client is, is on 192.168.1.8.

Slingbox is on DMZ with ip address of 10.2.1.10, and you would like to NAT it to 192.168.1.15 on the inside.

You would also need to configure the following:

object network yourPC

     host 192.168.1.8

     nat (inside,dmz) static 192.168.1.8

Lastly, if you have an access-list on the inside interface, you would need to allow traffic between your PC 192.168.1.8 and 192.168.1.15 (plus make sure that proxy arp on the inside interface is not disabled).

Hope that helps.

^^Your assumption is correct.

I have ensured proxy arp is enabled on all interfaces.

But still, the Slingbox client (192.168.1.8) cannot detect the slingbox device (10.2.1.10) in the dmz....

Here is my current config:

: Saved

:

ASA Version 8.3(1)

!

hostname xxxx

enable password xxxxxxxxxxxxx encrypted

passwd xxxxxxxxxxxxxx encrypted

names

!

interface Vlan200

nameif outside

security-level 0

ip address dhcp setroute

!

interface Vlan500

no forward interface Vlan800

nameif dmz

security-level 50

ip address 10.2.1.1 255.255.255.0

!

interface Vlan800

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 200

!

interface Ethernet0/1

switchport access vlan 500

!

interface Ethernet0/2

switchport access vlan 500

!

interface Ethernet0/3

switchport access vlan 800

!

interface Ethernet0/4

switchport access vlan 800

!

interface Ethernet0/5

switchport access vlan 800

!

interface Ethernet0/6

switchport access vlan 800

!

interface Ethernet0/7

switchport access vlan 500

!

boot system disk0:/asa831-k8.bin

ftp mode passive

clock timezone CST -6

object network NAS1

host 10.2.1.10

object network Internet_Access

subnet 0.0.0.0 0.0.0.0

object network Internet_Access2

subnet 0.0.0.0 0.0.0.0

object network laptop

host 192.168.1.8

object-group service SlingBox tcp

port-object eq 5001

access-list outside_access_in extended deny ip any any

access-list dmz_access_in extended deny ip any any

access-list inside_access_in extended permit ip host 192.168.1.8 any

access-list inside_access_in extended permit tcp host 192.168.1.9 any object-group SlingBox

access-list inside_access_in extended permit ip host 192.168.1.8 host 192.168.1.15

access-list inside_access_in extended deny ip any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu dmz 1500

mtu inside 1500

ipv6 access-list inside_access_ipv6_in deny ip any any

ipv6 access-list dmz_access_ipv6_in deny ip any any

ipv6 access-list outside_access_ipv6_in deny ip any any

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-631.bin

no asdm history enable

arp timeout 14400

!

object network NAS1

nat (dmz,inside) static 192.168.1.15

object network Internet_Access

nat (inside,outside) dynamic interface

object network Internet_Access2

nat (dmz,outside) dynamic interface

object network laptop

nat (inside,dmz) static 192.168.1.8

access-group outside_access_in in interface outside

access-group outside_access_ipv6_in in interface outside

access-group dmz_access_in in interface dmz

access-group dmz_access_ipv6_in in interface dmz

access-group inside_access_in in interface inside

access-group inside_access_ipv6_in in interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 inside

ssh timeout 30

ssh version 2

console timeout 0

dhcpd auto_config outside

!

dhcpd address 10.2.1.8-10.2.1.12 dmz

dhcpd dns [ISP DNS1] [ISP DNS2] interface dmz

dhcpd enable dmz

!

dhcpd address 192.168.1.8-192.168.1.15 inside

dhcpd dns [ISP DNS1] [ISP DNS2] interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username xxxxx password xxxxxxxxxx encrypted

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:xxxxxxxxxxxxxxxxxxx

: end

I have added:

access-list dmz_access_in extended permit ip host 10.2.1.10 host 192.168.1.8

but it still doesn't work.

Please help!
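
An added example, not part of the original posts: a small first-match evaluator run over the `dmz_access_in` lines shown in this thread. It assumes the new `permit` entry was entered without a `line` argument, so the ASA appended it after the existing `deny ip any any`; the function names are illustrative.

```python
import ipaddress

def _addr(tok):
    """Consume one ASA address spec; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # NET MASK

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST' (no ports)."""
    tok = line.split()
    src, rest = _addr(tok[5:])
    dst, rest = _addr(rest)
    if tok[0] != "access-list" or tok[2] != "extended" or rest:
        raise ValueError(f"unsupported ACE: {line}")
    return {"action": tok[3], "proto": tok[4], "src": src, "dst": dst}

def _covers(a, b):
    """True if ACE a matches every packet that ACE b matches."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"]))

def first_match(lines, proto, src, dst):
    """Return (1-based line number, action) of the first ACE hit."""
    pkt = {"proto": proto, "src": ipaddress.ip_network(src + "/32"),
           "dst": ipaddress.ip_network(dst + "/32")}
    for n, ace in enumerate(map(parse_ace, lines), 1):
        if _covers(ace, pkt):
            return n, ace["action"]
    return None, "deny"  # implicit deny at the end of every ACL

def shadowed(lines):
    """1-based numbers of ACEs that an earlier ACE fully covers."""
    aces = [parse_ace(l) for l in lines]
    return [j + 1 for j in range(len(aces))
            if any(_covers(aces[i], aces[j]) for i in range(j))]

# ACEs from the thread; the AS_POSTED order is an assumption (appended entry).
AS_POSTED = [
    "access-list dmz_access_in extended deny ip any any",
    "access-list dmz_access_in extended permit ip host 10.2.1.10 host 192.168.1.8",
]
REORDERED = list(reversed(AS_POSTED))

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, first_match(acl, "tcp", "10.2.1.10", "192.168.1.8"), shadowed(acl))
```

Even with the entry moved above the deny, `no forward interface Vlan800` on Vlan500 in the posted config still stops the DMZ from initiating connections to the inside.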

Not too sure how slingbox works, but how does it automatically detect the server? What protocol and address does it use? Are you sure you can't configure the server ip address on the client?
