Port forwarding problem with ASA 7.2

Hello there,

I ran into a funny issue with ASA. I'm trying to set up port forwarding where my NAT inside global address is equal to the one of my outside interface. ASA simply rejects any connection attempts to hosts translated in such a way. There are no logs about denied connections (even with some debugging used), although I'm getting syslog records about Internet packets denied by ACL, but these packets aren't related to my static NAT problem. I checked this flow with ASDM Packet Tracer and got info that my connection is denied by the ACL implicit rule!? I double-checked this ACL and it seems OK. If I switch this static to an IP address (inside global) that I'm not using for anything other than this port forwarding, connections are allowed. The service policy implemented is the default one: "global_policy" with no changes from the default config.

Here is the part of my config:

!Address on which I can't connect is
I can't connect with any external TCP ports specified in these statics. Everything works OK when I configure my statics with for example instead.

static (inside,outside) tcp pcanywhere-data pcanywhere-data netmask
static (inside,outside) tcp 5389 3389 netmask
static (inside,outside) udp pcanywhere-status pcanywhere-status netmask
static (inside,outside) tcp 6389 3389 netmask
static (inside,outside) tcp 59827 1433 netmask
static (inside,outside) tcp 3389 3389 netmask
!
interface Vlan1
 nameif inside
 security-level 100
 ip address
!
interface Vlan2
 description Internet
 nameif outside
 security-level 0
 ip address
!
access-group 111 in interface outside
!
!this ACL is only an example, so only port 3389 is permitted, but in my real ACL I permitted all ports used in statics.
access-list 111 extended permit tcp any host eq 3389
!
nat (inside) 1
global (outside) 1 interface

Best Regards, Igor
