Solved: Re: dying to know , why the asa 5505 ios 8.4 is not making port

Dr.X · ‎01-23-2014

hi all ,

ive googled alot with no benefit ,

ive tried alot with no benefit

here is y simple ASA 5505 with ios 8.4

====insidel lan==(ins)=====ASA==(outside)=============internet

i need two things :

1-i need to pat the inside lan 10.66.12.0/24 with the outside interface of the asa

also ,

2-i want to make portforward to the lan ip 10.66.12.122 for rdp

i will pasted followign config and wish somebody tell me the problem

======================================================================

object network localsubnet

subnet 10.66.12.0 255.255.255.0

description localsubnet

object network RDP-Host

host 10.66.12.122

description RDP host

object service rdp

service tcp destination eq 3389

access-list outside_in extended permit tcp any host 192.168.12.2 eq 5000

access-list outside_in extended permit tcp any host 10.66.12.122 eq 3389

access-list outside_in extended permit ip any any

nat (ins,outside) source static RDP-Host interface service rdp rdp

!

object network localsubnet

nat (ins,outside) dynamic interface

access-group outside_in in interface outside

========================================================

PAT is ok , no problems

but why i cant access the local address of 10.66.12.122 from the internet ???

i mean i put the public outside ip of the asa x.x.x.x:3389 but no luck !!!!!!!!!!1

could this an issue from ios ?

is my config right ?

how triubleshoot ??

regards

Jon Marshall · ‎01-23-2014

Did you configure the whole thing ie. not just adding the static line but also the object network bit first. It needs to be all configured as one.

Jon

View solution in original post

Jon Marshall · ‎01-23-2014

I'm not yet entirely up to speed with ASA 8.3 NAT onwards but can you remove all your configuration for the RDP host and then try this -

object network RDP-Host

host 10.66.12.122

nat (ins,outside) static interface service tcp 3389 3389

Jon

Dr.X · ‎01-23-2014

hi ,

thanks alot ,

still no luck

a1(config)# nat (ins,outside) static interface service tcp 3389 3389

^

ERROR: % Invalid input detected at '^' marker.

a1(config)# nat (ins,outs

a1(config)# nat (ins,outside) ?

configure mode commands/options:

<1-2147483647> Position of NAT rule within before auto section

after-auto Insert NAT rule after auto section

source Source NAT parameters

a1(config)# nat (ins,outside)

wts going on ???

can be a feature disbaled on the ios ??

Jon Marshall · ‎01-23-2014

Did you configure the whole thing ie. not just adding the static line but also the object network bit first. It needs to be all configured as one.

Jon

Dr.X · ‎01-23-2014

hi ,

you are correct ,

thanks very verey vweery very very very very very much

the command as one block :

object network RDP-Host

host 10.66.12.122

nat (ins,outside) static interface service tcp 3389 3389

another question ,

i also wanto to forward http , https to another loccal host , and need to access the outside interface from the internet
which is best solution to access asa ??

change the asa http port ?

regards

dying to know , why the asa 5505 ios 8.4 is not making portforwarding &