NAT port forwarding, allows only some IPs

Discussion in 'Cisco' started by rayuthar@gmail.com, Apr 17, 2008.

  1. Guest

    Hi,

    We configured a Cisco ASA 5505 router with the following
    configuration. We forwarded port 8080 to my private IP
    (10.0.1.178) on the same LAN. However, the router allows connections
    from only some static public IPs and rejects most static public IPs.

    Can anyone figure out the problem? Thanks in advance!






    ASA Version 7.2(2)

    !

    hostname hn

    domain-name default.domain.invalid

    enable password skdjfklke encrypted

    names

    !

    interface Vlan1

    nameif inside

    security-level 75

    ip address 10.0.1.1 255.255.255.0

    ospf cost 10

    !

    interface Vlan2

    nameif outside

    security-level 0

    ip address xxx.xxx.xxx.xxx 255.255.255.0

    ospf cost 10

    !

    interface Vlan13

    no forward interface Vlan2

    nameif lan2

    security-level 75

    ip address 10.0.3.1 255.255.255.0

    management-only

    !

    interface Ethernet0/0

    switchport access vlan 2

    !

    interface Ethernet0/1

    switchport access vlan 2

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    passwd dsaasdYREI.2OPuU encrypted

    banner motd hn...

    banner motd Please dont change any configurations with out the permission of network admin..

    banner motd Thank you..

    no ftp mode passive

    clock timezone IST 7 30

    dns server-group DefaultDNS

    domain-name default.domain.invalid

    same-security-traffic permit inter-interface

    same-security-traffic permit intra-interface

    object-group service vnc tcp

    description vnc

    port-object range 5900 5905

    object-group service pramana-ssh tcp

    port-object range 10022 10022

    access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx object-group vnc inactive

    access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq ssh inactive

    access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 8080

    access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 10022

    access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 3830

    access-list inside_access_in remark Implicit rule: Permit all traffic to less secure networks

    access-list inside_access_in extended permit ip any any

    pager lines 24

    logging enable

    logging timestamp

    logging standby

    logging asdm informational

    logging host inside 10.0.8.152

    logging permit-hostdown

    mtu inside 1500

    mtu outside 1500

    mtu lan2 1500

    icmp unreachable rate-limit 1 burst-size 1

    asdm image disk0:/asdm-522.bin

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 1 0.0.0.0 0.0.0.0

    static (inside,outside) tcp interface 10022 10.0.1.0 10022 netmask 255.255.255.255

    static (inside,outside) tcp interface 3830 10.0.1.0 3830 netmask 255.255.255.255

    static (inside,outside) tcp 0.0.0.0 8080 10.0.1.178 8080 netmask 255.255.255.255

    access-group inside_access_in in interface inside

    access-group 101 in interface outside

    route outside 0.0.0.0 0.0.0.0 64.22.240.1 1

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout uauth 0:05:00 absolute

    group-policy DfltGrpPolicy attributes

    banner none

    wins-server none

    dns-server none

    dhcp-network-scope none

    vpn-access-hours none

    vpn-simultaneous-logins 3

    vpn-idle-timeout 30

    vpn-session-timeout none

    vpn-filter none

    vpn-tunnel-protocol IPSec l2tp-ipsec webvpn

    password-storage disable

    ip-comp disable

    re-xauth disable

    group-lock none

    pfs disable

    ipsec-udp disable

    ipsec-udp-port 10000

    split-tunnel-policy tunnelall

    split-tunnel-network-list none

    default-domain none

    split-dns none

    intercept-dhcp 255.255.255.255 disable

    secure-unit-authentication disable

    user-authentication disable

    user-authentication-idle-timeout 30

    ip-phone-bypass disable

    leap-bypass disable

    nem disable

    backup-servers keep-client-config

    msie-proxy server none

    msie-proxy method no-modify

    msie-proxy except-list none

    msie-proxy local-bypass disable

    nac disable

    nac-sq-period 300

    nac-reval-period 36000

    nac-default-acl none

    address-pools none

    client-firewall none

    client-access-rule none

    webvpn

    functions url-entry

    html-content-filter none

    homepage none

    keep-alive-ignore 4

    http-comp gzip

    filter none

    url-list none

    customization value DfltCustomization

    port-forward none

    port-forward-name value Application Access

    sso-server none

    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information

    svc none

    svc keep-installer installed

    svc keepalive none

    svc rekey time none

    svc rekey method none

    svc dpd-interval client none

    svc dpd-interval gateway none

    svc compression deflate

    username admin password lpTWt99OGW0dN6ef encrypted privilege 15

    http server enable

    http 10.0.1.0 255.255.255.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

    crypto map outside_map 20 set pfs

    crypto map outside_map 20 set peer 72.55.173.2

    crypto map outside_map 20 set transform-set ESP-3DES-MD5

    crypto map outside_map interface outside

    crypto isakmp enable outside

    crypto isakmp policy 10

    authentication pre-share

    encryption 3des

    hash md5

    group 2

    lifetime 86400

    telnet 10.0.1.0 255.255.255.0 inside

    telnet timeout 15

    ssh 10.0.0.0 255.255.0.0 inside

    ssh timeout 5

    console timeout 0

    dhcpd auto_config outside

    !

    dhcpd address 10.0.1.100-10.0.1.227 inside

    dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside

    dhcpd option 66 ip 10.0.12.10 interface inside

    dhcpd enable inside

    !



    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    policy-map type inspect dns preset_dns_map

    parameters

    message-length maximum 512

    policy-map type inspect http http_map

    parameters

    protocol-violation action drop-connection

    policy-map global_policy

    description pramana_ssh

    class inspection_default

    inspect dns preset_dns_map

    inspect ftp

    inspect h323 h225

    inspect h323 ras

    inspect rsh

    inspect rtsp

    inspect esmtp

    inspect sqlnet

    inspect skinny

    inspect sunrpc

    inspect xdmcp

    inspect netbios

    inspect tftp

    inspect http http_map

    inspect icmp

    inspect icmp error

    !

    service-policy global_policy global

    prompt hostname context

    Cryptochecksum:csdfkkkl117e96d

    : end

    hn#
    , Apr 17, 2008
    #1
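
A consistency check over the `static` and `access-list 101` lines of the configuration posted above. This is an added example, not part of the original post and not a Cisco tool: it cross-references each static PAT entry with the active ACL permits and reports entries that differ from the others, without establishing the cause of the reported behaviour. The function name `audit` and the regular expressions are assumptions made for this sketch.

```python
import ipaddress
import re

# Lines taken from the posted configuration (wrapped lines rejoined);
# xxx.xxx.xxx.xxx is the poster's own masking of the outside address.
CONFIG = """\
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq ssh inactive
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 8080
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 10022
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq 3830
static (inside,outside) tcp interface 10022 10.0.1.0 10022 netmask 255.255.255.255
static (inside,outside) tcp interface 3830 10.0.1.0 3830 netmask 255.255.255.255
static (inside,outside) tcp 0.0.0.0 8080 10.0.1.178 8080 netmask 255.255.255.255
"""
# Inside subnet, from "interface Vlan1" (10.0.1.1 255.255.255.0) in the post.
INSIDE_NET = ipaddress.ip_network("10.0.1.0/24")

# Hypothetical patterns covering only the line shapes that appear in the post.
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) tcp (\S+) (\d+) (\S+) (\d+) netmask (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp any host \S+ eq (\S+)(.*)$")

def audit(config, inside_net=INSIDE_NET):
    """Return a list of (mapped_port, [findings]) for every static PAT line."""
    lines = config.splitlines()
    # Ports opened by ACL entries that are not marked inactive.
    permitted = {m.group(2) for m in map(ACL_RE.match, lines)
                 if m and "inactive" not in m.group(3)}
    report = []
    for m in filter(None, map(STATIC_RE.match, lines)):
        _, _, mapped_ip, mapped_port, real_ip, _, mask = m.groups()
        findings = []
        if mapped_port not in permitted:
            findings.append("no active ACL permit for mapped port")
        if mapped_ip == "0.0.0.0":
            findings.append("mapped address is 0.0.0.0, not 'interface' or a host")
        real = ipaddress.ip_address(real_ip)
        if mask == "255.255.255.255" and real == inside_net.network_address:
            findings.append(f"host entry points at network address {real}")
        report.append((int(mapped_port), findings))
    return report

if __name__ == "__main__":
    for port, findings in audit(CONFIG):
        print(port, findings or "consistent")
```
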