Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1690
Views
0
Helpful
21
Replies

cannot reach special port from internet

jonathan.borgeaud
Level 1
Level 1

‎07-03-2012 12:34 PM - edited ‎03-11-2019 04:26 PM

Hi, i've got several problem. The goal is to reach port 8888 from outside to inside my lan.

my config is simple, asa inside : 192.168.1.0/24, outside dhcp by fai.

inside to outside all is ok.

internet ping to outside interface is ok.

But internet to connect to port 8888 is not working.

I try many things and i'm quite sure that my config is shitty now...

So please help me

here it is :

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

!

interface Vlan2

mac-address a44c.1156.90b2

nameif outside

security-level 0

ip address dhcp setroute

!

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS

name-server 178.250.208.37

name-server 8.8.8.8

domain-name xx

same-security-traffic permit intra-interface

object network obj_any

subnet 192.168.1.0 255.255.255.0

object network server1

host 192.168.1.20

object network NETWORK_OBJ_192.168.1.192_27

subnet 192.168.1.192 255.255.255.224

object network telephone_ip

host 192.168.1.5

object network lan

subnet 192.168.1.0 255.255.255.0

description lan

object network vpn

range 192.168.69.100 192.168.69.110

description vpn

object network NETWORK_OBJ_192.168.1.0_24

subnet 192.168.1.0 255.255.255.0

object network NETWORK_OBJ_192.168.69.96_28

subnet 192.168.69.96 255.255.255.240

object service http_8888

service tcp destination eq 8888

object-group protocol DM_INLINE_PROTOCOL_1

protocol-object icmp

protocol-object udp

protocol-object tcp

protocol-object ip

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group protocol DM_INLINE_PROTOCOL_2

protocol-object ip

protocol-object icmp

access-list outside_access_in extended permit ip object NETWORK_OBJ_192.168.69.96_28 any

access-list outside_access_in extended permit object-group TCPUDP any object telephone_ip eq sip

access-list outside_access_in extended permit icmp any any

access-list outside_access_in extended permit object http_8888 any object server1

access-list outside_access_in extended permit tcp any host 192.168.1.20 eq 8888

access-list outside_access_in extended permit tcp any host 192.168.1.20

access-list inside_access_in extended permit ip any any

access-list nonat remark ACL for Nat Bypass

access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.69.0 255.255.255.0

access-list lan standard permit 192.168.1.0 255.255.255.0

access-list SplitTunnel_ACL standard permit 192.168.1.0 255.255.255.0

pager lines 24

logging enable

logging buffered debugging

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool vpn-pool 192.168.69.100-192.168.69.110 mask 255.255.255.0

ipv6 icmp permit any inside

ipv6 icmp permit any outside

icmp unreachable rate-limit 1 burst-size 1

icmp permit any inside

icmp permit any outside

no asdm history enable

arp timeout 14400

nat (inside,outside) source static lan lan destination static vpn vpn

nat (inside,outside) source dynamic lan interface

nat (outside,outside) source dynamic any interface destination static server1 server1 service http_8888 http_8888

!

object network server1

nat (outside,inside) static interface service tcp 8888 8888

!

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

Labels:
0 Helpful
21 Replies 21

Julio Carvajal
VIP Alumni
VIP Alumni
In response to jonathan.borgeaud

‎07-03-2012 04:49 PM

Hello John,

Sure, if you want send me the config on a private message, I will resolve this for you.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jonathan.borgeaud
Level 1
Level 1
In response to Julio Carvajal

‎07-03-2012 04:50 PM

yes i send it to you now

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to jonathan.borgeaud

‎07-03-2012 05:04 PM

Hello,

Check the changes.

If that does not work, please send the configuration with the changes I did

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jonathan.borgeaud
Level 1
Level 1
In response to Julio Carvajal

‎07-03-2012 05:16 PM

done look your pm

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to jonathan.borgeaud

‎07-03-2012 05:19 PM

I just answered that

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jonathan.borgeaud
Level 1
Level 1
In response to Julio Carvajal

‎07-03-2012 05:26 PM

me2 =)

0 Helpful

jonathan.borgeaud
Level 1
Level 1
In response to jonathan.borgeaud

‎07-03-2012 11:29 PM

Hi back,

So any news ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card