NAT port forwarding allows only some IPs

Discussion in 'Cisco' started by rayuthar, Apr 17, 2008.

  1. rayuthar

    rayuthar Guest


    We configured a Cisco ASA 5505 router with the following
    configuration. We forwarded port 8080 to my private IP
    ( on the same LAN. However, the router allows connections from only some
    static public IPs and rejects most of the static public IPs.

    Can anyone figure out the problem? Thanks in advance!

    ASA Version 7.2(2)

    hostname hn
    domain-name default.domain.invalid
    enable password skdjfklke encrypted

    interface Vlan1
    nameif inside
    security-level 75
    ip address
    ospf cost 10

    interface Vlan2
    nameif outside
    security-level 0
    ip address
    ospf cost 10

    interface Vlan13
    no forward interface Vlan2
    nameif lan2
    security-level 75
    ip address

    interface Ethernet0/0
    switchport access vlan 2

    interface Ethernet0/1
    switchport access vlan 2

    interface Ethernet0/2

    interface Ethernet0/3

    interface Ethernet0/4

    interface Ethernet0/5

    interface Ethernet0/6

    interface Ethernet0/7

    passwd dsaasdYREI.2OPuU encrypted
    banner motd hn...
    banner motd Please dont change any configurations with out the permission of network admin..
    banner motd Thank you..
    no ftp mode passive
    clock timezone IST 7 30
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service vnc tcp
    description vnc
    port-object range 5900 5905
    object-group service pramana-ssh tcp
    port-object range 10022 10022
    access-list 101 extended permit tcp any host object-group vnc ina
    access-list 101 extended permit tcp any host eq ssh
    access-list 101 extended permit tcp any host eq 8080
    access-list 101 extended permit tcp any host eq 10022
    access-list 101 extended permit tcp any host eq 3830
    access-list inside_access_in remark Implicit rule: Permit all traffic to less secure networks
    access-list inside_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging timestamp
    logging standby
    logging asdm informational
    logging host inside
    logging permit-hostdown
    mtu inside 1500
    mtu outside 1500
    mtu lan2 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1
    static (inside,outside) tcp interface 10022 10022 netmask
    static (inside,outside) tcp interface 3830 3830 netmask
    static (inside,outside) tcp 8080 8080 netmask
    access-group inside_access_in in interface inside
    access-group 101 in interface outside
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy DfltGrpPolicy attributes
    banner none
    wins-server none
    dns-server none
    dhcp-network-scope none
    vpn-access-hours none
    vpn-simultaneous-logins 3
    vpn-idle-timeout 30
    vpn-session-timeout none
    vpn-filter none
    vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
    password-storage disable
    ip-comp disable
    re-xauth disable
    group-lock none
    pfs disable
    ipsec-udp disable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelall
    split-tunnel-network-list none
    default-domain none
    split-dns none
    intercept-dhcp disable
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout 30
    ip-phone-bypass disable
    leap-bypass disable
    nem disable
    backup-servers keep-client-config
    msie-proxy server none
    msie-proxy method no-modify
    msie-proxy except-list none
    msie-proxy local-bypass disable
    nac disable
    nac-sq-period 300
    nac-reval-period 36000
    nac-default-acl none
    address-pools none
    client-firewall none
    client-access-rule none

    functions url-entry
    html-content-filter none
    homepage none
    keep-alive-ignore 4
    http-comp gzip
    filter none
    url-list none
    customization value DfltCustomization
    port-forward none
    port-forward-name value Application Access
    sso-server none
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more
    svc none
    svc keep-installer installed
    svc keepalive none
    svc rekey time none
    svc rekey method none
    svc dpd-interval client none
    svc dpd-interval gateway none
    svc compression deflate
    username admin password lpTWt99OGW0dN6ef encrypted privilege 15
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 20 set pfs
    crypto map outside_map 20 set peer
    crypto map outside_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet inside
    telnet timeout 15
    ssh inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside

    dhcpd address inside
    dhcpd dns interface inside
    dhcpd option 66 ip interface inside
    dhcpd enable inside

    class-map inspection_default
    match default-inspection-traffic

    policy-map type inspect dns preset_dns_map
    message-length maximum 512
    policy-map type inspect http http_map
    protocol-violation action drop-connection
    policy-map global_policy
    description pramana_ssh
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect netbios
    inspect tftp
    inspect http http_map
    inspect icmp
    inspect icmp error

    service-policy global_policy global
    prompt hostname context

    : end

    rayuthar, Apr 17, 2008
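A cross-check worth running on a configuration like the one above, added here as an example and not code from the original post: on ASA 7.2 (pre-8.3 NAT) the ACL bound inbound on outside is evaluated against the mapped (public) address, so every `static` port-forward needs an outside ACL entry for its mapped ip:port, and a forward permitted from `any` is exposed to the whole internet. The script parses `static`, `access-list` and `access-group` lines and reports both conditions; the embedded sample config and its addresses are constructed placeholders, and the outside interface address is passed in because `interface` in a static resolves to it.

```python
import re

# Constructed sample in ASA 7.2 (pre-8.3) syntax; addresses are placeholders, not values from the post.
SAMPLE_CONFIG = """\
access-list 101 extended permit tcp any host 203.0.113.10 eq ssh
access-list 101 extended permit tcp any host 203.0.113.10 eq 8080
access-list 101 extended permit tcp host 198.51.100.7 host 203.0.113.10 eq 3830
static (inside,outside) tcp interface ssh 192.168.1.20 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 3830 192.168.1.21 3830 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 8080 192.168.1.22 8080 netmask 255.255.255.255
access-group 101 in interface outside
"""

PORT_NAMES = {"ssh": 22, "http": 80, "www": 80, "https": 443}
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) (any|host \S+) host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def port(tok):
    """Resolve an ASA port keyword or number to an integer."""
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def parse(config, outside_ip):
    """Return statics as (proto, mapped_ip, mapped_port, real_ip, real_port) and the
    rules (proto, src, dst_ip, dst_port) of the ACL bound inbound on outside."""
    statics, rules, acl_name = [], [], None
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            proto, mip, mport, rip, rport = m.groups()
            # 'interface' as the mapped address means the outside interface IP
            statics.append((proto, outside_ip if mip == "interface" else mip, port(mport), rip, port(rport)))
        elif m := ACL_RE.match(line):
            acl, proto, src, dst, dport = m.groups()
            rules.append((acl, proto, src, dst, port(dport)))
        elif m := GROUP_RE.match(line):
            acl_name = m.group(1)
    return statics, [r[1:] for r in rules if r[0] == acl_name]

def audit(config, outside_ip):
    """Flag port-forwards with no outside ACL entry for their mapped ip:port
    (unreachable from outside) and forwards permitted from any source."""
    statics, rules = parse(config, outside_ip)
    findings = []
    for proto, mip, mport, rip, rport in statics:
        hits = [r for r in rules if r[0] == proto and r[2] == mip and r[3] == mport]
        if not hits:
            findings.append(f"NO-ACL {proto}/{mport} -> {rip}:{rport}: no outside ACL entry for {mip}:{mport}")
        elif any(r[1] == "any" for r in hits):
            findings.append(f"OPEN {proto}/{mport} -> {rip}:{rport}: permitted from any source")
    return findings
```

Run with the real config and the outside interface address; an OPEN finding is a prompt to restrict the source to the specific peers that need the service, which is the audit step to take before debugging why a forward is reachable from some addresses and not others.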