Cisco
Sergey, 2015-04-03 15:32:08

How to configure port forwarding on Cisco ASA 5510?

Colleagues, help me out.
There are two interfaces: one faces our LAN, the other faces the LAN of a "foreign" network.

interface Port-channel1.2
 description OFFICE_NET
 vlan 2
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Port-channel1.3
 description OTHER_NET
 vlan 3
 nameif othernet
 security-level 10
 ip address 10.10.30.4 255.255.255.0

It is necessary to forward ports from the internal server 192.168.0.9 for clients on the "othernet" network.
I do this:
object network SERVER 
 host 192.168.0.9 
 nat (inside,othernet) static 10.10.30.3 service udp 4569 4569 
access-list othernet_acl extended permit udp any object SERVER eq 4569
access-group othernet_acl in interface othernet

And everything seems to work, but! I also need ping to go through, and then the thing on the "other" side categorically refuses to connect.
Also, how else can ports be forwarded through the same interface?
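An added example, not part of the original question or of either answer, showing one way to get both the UDP/4569 forward and ping working on the asker's post-8.3 ASA, and how to forward further ports through the same interface. The `nat ... service udp 4569 4569` form translates only UDP/4569, and object NAT with `service` only supports TCP/UDP/SCTP, so ICMP to 10.10.30.3 is never translated to 192.168.0.9. Variant A replaces it with a full 1:1 static and lets the interface ACL decide which protocols reach the server; Variant B keeps per-port forwarding. Interface names, addresses and the SERVER object are the asker's; the SERVER_UDP4569 / SERVER_TCP22 object names and the TCP/22 port are made up here.

```cisco
! --- As posted: only UDP/4569 is translated, so ICMP to 10.10.30.3 never reaches 192.168.0.9 ---
! object network SERVER
!  host 192.168.0.9
!  nat (inside,othernet) static 10.10.30.3 service udp 4569 4569

! --- Variant A: one full 1:1 static. Every protocol sent to 10.10.30.3 is translated to
!     192.168.0.9; the ACL on othernet (security-level 10 -> 100) still decides what gets in.
object network SERVER
 host 192.168.0.9
 nat (inside,othernet) static 10.10.30.3
!
! Since 8.3 the interface ACL references the real (untranslated) address.
access-list othernet_acl extended permit udp any object SERVER eq 4569
access-list othernet_acl extended permit icmp any object SERVER echo
access-group othernet_acl in interface othernet
!
! ICMP inspection lets the echo replies back out statefully, so nothing has to be
! opened in the inside -> othernet direction for ping to work.
policy-map global_policy
 class inspection_default
  inspect icmp

! --- Variant B (alternative to A): per-port forwarding on the same mapped address.
!     Object NAT allows one nat statement per object, so each forwarded port gets its own
!     object pointing at the same host. Ping to 10.10.30.3 is NOT translated in this variant.
object network SERVER_UDP4569
 host 192.168.0.9
 nat (inside,othernet) static 10.10.30.3 service udp 4569 4569
object network SERVER_TCP22
 host 192.168.0.9
 nat (inside,othernet) static 10.10.30.3 service tcp 22 22
access-list othernet_acl extended permit udp any object SERVER_UDP4569 eq 4569
access-list othernet_acl extended permit tcp any object SERVER_TCP22 eq 22
access-group othernet_acl in interface othernet
```

Check the result with `show nat detail` (the translate_hits / untranslate_hits counters) and `packet-tracer input othernet icmp 10.10.30.50 8 0 10.10.30.3`, addressing the test packet to the mapped address 10.10.30.3, which is what a client on othernet actually sends to.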


2 answer(s)
Heizenberg, 2015-04-04
@bk0011m

The security-level must be the same on both interfaces.
Add something like:
static (inside,othernet) 192.168.10.9 192.168.10.9 netmask 255.255.255.254
static (othernet,inside) 10.10.30.3 10.10.30.3 netmask 255.255.255.254
asa inter vlan routing

poisons, 2015-12-28
@poisons

I'll bump this question, here is my situation:
ASA 5505 running 9.2(4), I want to forward a port for a torrent client.
Settings:

show running-config nat
nat (inside,outside-d) source static NET-LOCAL NET-LOCAL destination static NET-OVH NET-OVH
nat (inside,outside-d) source dynamic NET-FOR-NAT interface
object network media-server
 nat (inside,outside-d) static interface service tcp 43117 43117
asa-home(config)# show running-config access-list
access-list outside_access_in extended permit tcp any object media-server eq 43117
show running-config object
object network media-server
 host 192.168.88.204

The first line is needed so that the traffic that goes into the tunnel to the remote ASA is not NATed. When I check the availability of the port from outside, the ACL hit counter does not increase.
When I check with packet-tracer it does increment, but the packets are dropped:
packet-tracer input outside-d tcp 8.8.8.8 1234 192.168.88.204 43117
Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside,outside-d) source dynamic NET-FOR-NAT interface
I need the NET-FOR-NAT rule so that packets from the inside can get out through the interface. The ports are 100% open on the target machine. Google turns up articles that stubbornly repeat the same thing: "create an object, write an ACL". Where should I dig?
I have 2 networks there: 192.168.87.0/24 sits directly on the inside interface, and 192.168.88.0/24 sits behind another router (firewall/NAT is turned off there; the box just passes packets from one interface to the other).
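An added example, not from the original poster, of the NAT ordering problem the `rpf-check DROP` above points at. Manual (twice) NAT rules in section 1 are evaluated before object NAT in section 2, so for the reverse flow 192.168.88.204 -> 8.8.8.8 the ASA matches the catch-all `source dynamic NET-FOR-NAT interface` rule instead of the static PAT on `media-server`, the forward and reverse translations disagree, and the reverse-path check drops the packet. Two fixes are shown: push the dynamic PAT into section 3 with `after-auto`, or express the port forward itself as a section 1 rule ordered ahead of the dynamic one. Interface, object and ACL names are the poster's; the `tcp-43117` service object name is made up here.

```cisco
! --- As posted: the reverse path (192.168.88.204 -> Internet) is matched by this section-1 rule,
!     so the static PAT inside the object is never the rule used on the way back -> rpf-check DROP
! nat (inside,outside-d) source dynamic NET-FOR-NAT interface
! object network media-server
!  host 192.168.88.204
!  nat (inside,outside-d) static interface service tcp 43117 43117

! --- Fix 1: keep the object NAT, move the catch-all dynamic PAT to section 3 (after-auto)
!     so object NAT is consulted first in both directions. The NET-LOCAL/NET-OVH identity
!     rule for the tunnel stays in section 1, where it has to be.
no nat (inside,outside-d) source dynamic NET-FOR-NAT interface
nat (inside,outside-d) after-auto source dynamic NET-FOR-NAT interface

! --- Fix 2 (alternative): make the port forward a section-1 rule placed before the dynamic PAT.
!     Order inside section 1 is significant; the line number 1 puts it ahead of the other rules.
object service tcp-43117
 service tcp source eq 43117
!
object network media-server
 host 192.168.88.204
 no nat (inside,outside-d) static interface service tcp 43117 43117
!
nat (inside,outside-d) 1 source static media-server interface service tcp-43117 tcp-43117
! (the identity rule and the dynamic PAT now follow at lines 2 and 3)

! The inbound ACL is unchanged either way; since 8.3 it uses the real address:
! access-list outside_access_in extended permit tcp any object media-server eq 43117
```

When re-testing, address the packet-tracer probe to the mapped address, i.e. the outside-d interface IP, rather than to 192.168.88.204: `packet-tracer input outside-d tcp 8.8.8.8 1234 <outside-d-ip> 43117`. That is what the Internet side actually sends, and the NAT phase of the trace then shows which rule performed the untranslate; `show nat detail` shows the section each rule landed in.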
