Firewall.cx :: View topic - ASA 5505 "portforward" problem. Port 80 works but
Linus
New Member


Joined: Apr 01, 2010
Posts: 8

Posted: Thu Apr 01, 2010 12:31 pm

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (dmz,outside) tcp interface 6112 10.10.10.11 6112 netmask 255.255.255.255 dns
match tcp dmz host 10.10.10.11 eq 6112 outside any
static translation to 0.0.0.0/6112
translate_hits = 0, untranslate_hits = 2
Additional Information:
NAT divert to egress interface dmz
Untranslate xx.xx.248/6112 to 10.10.10.11/6112 using netmask 255.255.255.255

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit tcp any interface outside eq 6112
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (dmz,outside) tcp interface 6112 10.10.10.11 6112 netmask 255.255.255.255 dns
match tcp dmz host 10.10.10.11 eq 6112 outside any
static translation to 0.0.0.0/6112
translate_hits = 0, untranslate_hits = 2
Additional Information:

Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (dmz,outside) tcp interface 6112 10.10.10.11 6112 netmask 255.255.255.255 dns
match tcp dmz host 10.10.10.11 eq 6112 outside any
static translation to 0.0.0.0/6112
translate_hits = 0, untranslate_hits = 2
Additional Information:

Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 6040, packet dispatched to next module

Phase: 12
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 10.10.10.11 using egress ifc dmz
adjacency Active
next-hop mac address 0001.4a1d.5ab7 hits 1

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmz
output-status: up
output-line-status: up
Action: allow
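A small parser for packet-tracer output in the format pasted in the post above, added here as an example; it is not code from either poster or from Cisco. The function names are made up for illustration, and the sample is abbreviated from the trace in the post.

```python
import re

# Abbreviated from the trace posted above (phases 3 and 4 plus the final block).
SAMPLE = """\
Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Additional Information:
Untranslate xx.xx.248/6112 to 10.10.10.11/6112 using netmask 255.255.255.255

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW

Result:
input-interface: outside
output-interface: dmz
Action: allow
"""

FIELD = re.compile(r"^(Phase|Type|Subtype|Result):\s*(.*)$")

def parse_packet_tracer(text):
    """Split a trace into per-phase dicts and the final verdict block."""
    phases, summary, cur, in_summary = [], {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIELD.match(line)
        if in_summary:                      # "key: value" lines of the verdict
            key, sep, val = line.partition(":")
            if sep:
                summary[key.strip().lower()] = val.strip()
        elif m and m.group(1) == "Result" and not m.group(2):
            in_summary = True               # a bare "Result:" opens the verdict
        elif m and m.group(1) == "Phase":
            cur = {"phase": int(m.group(2))}
            phases.append(cur)
        elif m and cur is not None:
            cur[m.group(1).lower()] = m.group(2)
    return phases, summary

def verdict(text):
    """Final action, egress interface, first non-ALLOW phase, un-NAT target."""
    phases, summary = parse_packet_tracer(text)
    blocked = next((p for p in phases if p.get("result") != "ALLOW"), None)
    nat = re.search(r"Untranslate \S+ to (\S+)", text)
    return {"action": summary.get("action"),
            "egress": summary.get("output-interface"),
            "blocked_at": (blocked["phase"], blocked.get("type")) if blocked else None,
            "real_destination": nat.group(1) if nat else None}
```

When every phase reads ALLOW and the action is allow, as in this trace, the firewall has handed the packet to the egress interface, so the next place to look is the destination host.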
r0nni3
Frequent Member


Joined: Nov 11, 2008
Posts: 101

Posted: Thu Apr 01, 2010 12:39 pm

The ASA is doing its job. I suggest trying to look for the problem on the server in the DMZ (unless I'm missing something, which is very possible X.x, only had 2 hours of sleep).
_________________
Currently working as Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
Linus
New Member


Joined: Apr 01, 2010
Posts: 8

Posted: Thu Apr 01, 2010 1:15 pm

Really?

OK! Thanks for all the help.

One question more, do you know how to remove these groups?
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service EAGamesTCP tcp
description EA
port-object eq 13505
port-object eq 18121
port-object eq 18126
object-group service EAGamesUDP udp
description EA
port-object eq 18126

Can do it from GUI, and if I try it says I have to remove them from interface, it says I need to remove them from access list first. Done that and saved, but each time I refresh the view I get the access lists back again.

/Linus