Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 9.1 NAT Problem

Hi all. I'm playing with a cool program called Subsonic - You can stream music from your home server to whatever. The problem I'm having is getting a NAT statement to access the server from inside.

Here's my current config for the service:

object network SubSonic

host 192.168.2.32

nat (inside,outside) static interface service tcp 4040 4040

access-list outside_inbound permit tcp any object SubSonic eq 4040

This is working great when I'm out in the world, but when I'm home and connected inside no luck. I'm thinking I need some sort of nat statement for inside to inside, but I'm at a loss really. Any help here would be appricated.

Thanks,

    Ed

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

ASA 9.1 NAT Problem

All you need to do is configure an object for the external IP address that you have on the ASA and then configure the U turn:

If you think that is the case configure the next:

object network External_IP

host External_IP

nat (inside,inside) source dynamic any interface destination static External_IP SubSonic

same-security-traffic permit intra-interface

Value our effort and rate the assistance!

Value our effort and rate the assistance!
9 REPLIES
New Member

ASA 9.1 NAT Problem

Hi,

Assuming your stream server is sitting behind the inside interface and you want to stream music to a host which is sitting behind the inside interface as well.

More info would be useful like a topology visio.

1 you need to enable communication between hosts connected to the same interface

2 if your pc and stream server are behind different interfaces then the interfaces should have the same security level, and you should enable communication between interfaces with same security level. Or create an ACL with the right permit statement.

New Member

ASA 9.1 NAT Problem

Both devices (Server and AP) are connected to the inside vlan with the ASA doing DHCP. Communication is fine on the LAN side. I can change the server address on my phone to the inside address for the server and it works.

Syslog is showing:

6Jan 07 201419:36:10110002192.168.2.23233871

Failed to locate egress interface for TCP from inside:192.168.2.232/33871 to OU.TS.ID.E/4040
New Member

Re: ASA 9.1 NAT Problem

Do you want to access the stream server via outside ip when you are connected to inside?

New Member

ASA 9.1 NAT Problem

Exactly - so a mobile device can be mobile without having to change configuration.

Silver

ASA 9.1 NAT Problem

Can you access the device with a PC so we can run a sniffer trace on the PC when it works and compare what port and protocol is used. It would be also a good idea to check logs and captures that can be runned on the ASA when you setup the server behind the ASA with NAT, that way we can check when your phone is trying to connect to the server with the phones source address through logs and captures.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

ASA 9.1 NAT Problem

Well I can tell you its on TCP 4040. When I access on the lan I'm just using http://192.168.2.238:4040. Nothing special there. Looking at the syslog from my traffic headed to the public address it's getting NATted. That's why I'm thinking I need to hairpin the traffic.

TCP 4040 from 192.168.2.0/24 headed to myoutsideIP needs to be redirected to 192.168.2.238:4040.

Silver

ASA 9.1 NAT Problem

All you need to do is configure an object for the external IP address that you have on the ASA and then configure the U turn:

If you think that is the case configure the next:

object network External_IP

host External_IP

nat (inside,inside) source dynamic any interface destination static External_IP SubSonic

same-security-traffic permit intra-interface

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

ASA 9.1 NAT Problem

Thank You Sir! I was damn close a couple times, but was getting messed up on the nat statement.

The commands I used:

object network SubSonicLAN

host OUTSIDEIP

nat (inside,inside) source dynamic any interface destination static SubSonicLAN SubSonic

That made my night. I was messing with this for hours!

Thanks,

    Ed

Silver

ASA 9.1 NAT Problem

happy to help!!!!

Value our effort and rate the assistance!

Value our effort and rate the assistance!
419
Views
5
Helpful
9
Replies