NAT Port Forwarding, allows only some IPs

We configured a Cisco ASA 5505 router with the following
configuration. We forwarded port 8080 to my private IP
( on the same LAN. However, the router allows access from only some
static public IPs, and rejects most of the static public IPs.

Can anyone figure out the problem? Thanks in advance!

ASA Version 7.2(2)

hostname hn
domain-name default.domain.invalid
enable password skdjfklke encrypted

interface Vlan1
 nameif inside
 security-level 75
 ip address
 ospf cost 10

interface Vlan2
 nameif outside
 security-level 0
 ip address
 ospf cost 10

interface Vlan13
 no forward interface Vlan2
 nameif lan2
 security-level 75
 ip address

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1
 switchport access vlan 2

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4

interface Ethernet0/5

interface Ethernet0/6

interface Ethernet0/7

passwd dsaasdYREI.2OPuU encrypted
banner motd hn...
banner motd Please dont change any configurations with out the permission of network admin..
banner motd Thank you..

no ftp mode passive
clock timezone IST 7 30
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service vnc tcp
 description vnc
 port-object range 5900 5905
object-group service pramana-ssh tcp
 port-object range 10022 10022
access-list 101 extended permit tcp any host object-group vnc ina
access-list 101 extended permit tcp any host eq ssh
access-list 101 extended permit tcp any host eq 8080
access-list 101 extended permit tcp any host eq 10022
access-list 101 extended permit tcp any host eq 3830
access-list inside_access_in remark Implicit rule: Permit all traffic to less secure networks
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging standby
logging asdm informational
logging host inside
logging permit-hostdown
mtu inside 1500
mtu outside 1500
mtu lan2 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) tcp interface 10022 10022 netmask
static (inside,outside) tcp interface 3830 3830 netmask
static (inside,outside) tcp 8080 8080 netmask
access-group inside_access_in in interface inside
access-group 101 in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute

group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 intercept-dhcp disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 client-firewall none
 client-access-rule none

 functions url-entry
 html-content-filter none
 homepage none
 keep-alive-ignore 4
 http-comp gzip
 filter none
 url-list none
 customization value DfltCustomization
 port-forward none
 port-forward-name value Application Access
 sso-server none
 deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more
 svc none
 svc keep-installer installed
 svc keepalive none
 svc rekey time none
 svc rekey method none
 svc dpd-interval client none
 svc dpd-interval gateway none
 svc compression deflate
username admin password lpTWt99OGW0dN6ef encrypted privilege 15

http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet inside
telnet timeout 15
ssh inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside

dhcpd address inside
dhcpd dns interface inside
dhcpd option 66 ip interface inside
dhcpd enable inside

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
 message-length maximum 512
policy-map type inspect http http_map
 protocol-violation action drop-connection
policy-map global_policy
 description pramana_ssh
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect http http_map
  inspect icmp
  inspect icmp error

service-policy global_policy global
prompt hostname context

: end

