# ASA 5515 9.2 port forwarding problem



## kjurczok (Mar 8, 2015)

Hello guys,

Firstly, this is my first discussion about ASA.
I'm using a 5515 with 9.2, and on another ASA 5505 I have no problem configuring port forwarding.
This is my startup config; maybe you can read it and check why I cannot reach the local machine with IP 192.168.11.6 on port 80 from outside (internet).
I made a network object, a network service and an access-list for this.
I'm still trying, but with no luck. Maybe this is a stupid mistake?

```
ASA Version 9.2(2)4
!
hostname ASA
enable password *** encrypted
names
ip local pool vpn_pool_zarzadzanie 192.168.13.240-192.168.13.250 mask 255.255.255.0
ip local pool vpn_pool_e 192.168.11.240-192.168.11.250 mask 255.255.255.0
ip local pool vpn_pool_gosc 192.168.12.240-192.168.12.250 mask 255.255.255.0
ip local pool vpn_pool_serwery 192.168.10.240-192.168.10.250 mask 255.255.255.0
ip local pool vpn_pool_serwis 192.168.0.100-192.168.0.150 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address *** 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet0/1.2
 vlan 2
 nameif serwery
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.3
 vlan 3
 nameif e
 security-level 0
 ip address 192.168.11.1 255.255.255.0
!
interface GigabitEthernet0/1.4
 vlan 4
 nameif gosc
 security-level 100
 ip address 192.168.12.1 255.255.255.0
!
interface GigabitEthernet0/1.5
 vlan 5
 nameif zarzadzanie
 security-level 0
 ip address 192.168.13.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa922-4-smp-k8.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup serwery
dns domain-lookup e
dns domain-lookup gosc
dns domain-lookup zarzadzanie
dns server-group DefaultDNS
 name-server 62.21.99.95
 name-server 62.21.99.94
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.13.0_27
 subnet 192.168.13.0 255.255.255.0
object network network_e
 subnet 192.168.11.0 255.255.255.0
object network pc-konferencja
 host 192.168.11.6
object service www_80
 service tcp destination eq www
object service https_443
 service tcp destination eq https
object service 10000-10200
 service tcp destination range 10000 10200
object-group service http_https_10000-10200 tcp
 port-object eq www
 port-object eq https
 port-object range 10000 10200
access-list global_access extended permit ip any any
access-list e_access_in extended permit ip any any
access-list zarzadzanie_lan standard permit 192.168.13.0 255.255.255.0
access-list vacl_audyt extended permit ip any any
access-list e_lan standard permit 192.168.11.0 255.255.255.0
access-list gosc_lan standard permit 192.168.12.0 255.255.255.0
access-list serwery_lan standard permit 192.168.10.0 255.255.255.0
access-list vpn_serwis extended permit ip any any
access-list vpn_ntworks standard permit 192.168.0.0 255.255.0.0
access-list outside_inside extended permit tcp any object pc-konferencja object-group http_https_10000-10200
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu serwery 1500
mtu e 1500
mtu gosc 1500
mtu zarzadzanie 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any serwery
icmp permit any e
icmp permit any gosc
icmp permit any zarzadzanie
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) source dynamic any interface dns
nat (zarzadzanie,outside) source static any any destination static NETWORK_OBJ_192.168.13.0_27 NETWORK_OBJ_192.168.13.0_27 no-proxy-arp route-lookup
nat (e,outside) source static any any destination static network_e network_e no-proxy-arp route-lookup
nat (zarzadzanie,outside) source static any any destination static obj_any obj_any
nat (e,outside) source static any any destination static obj_any obj_any
nat (gosc,outside) source static any any destination static obj_any obj_any
access-group outside_inside in interface outside
access-group global_access global
router rip
 network 192.168.10.0
 network 192.168.11.0
 network 192.168.12.0
 network 192.168.13.0
 version 2
!
route outside 0.0.0.0 0.0.0.0 *** 1
service-policy global_policy global
```

Regards!
Chris


----------

