Get Cisco ASA 5505 port mapping working

scottf_smith asked on
Hardware Firewalls, Cisco
I'm trying to configure port mapping on my ASA 5505 and just can't seem to get it to work. Here is my CLI; any ideas would be great. I've researched everything possible and still nothing works.
ASA Version 7.2(4)
!
hostname fcaz-router
domain-name fcaz.com
enable password g5Y.KJhGnRsOowX4 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group ATT
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!            
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name fcaz.com
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
access-list outside_in extended permit tcp any any eq www
access-list outside_in extended permit tcp any any eq 8282
access-list outside_in extended permit tcp any any eq https
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.20.1-192.168.20.10
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp xx.xxx.xx.xxx www 192.168.10.11 www netmask 255.255.255.255
static (inside,outside) tcp xx.xxx.xx.xxx https 192.168.10.11 https netmask 255.255.255.255
static (inside,outside) tcp xx.xxx.xx.xxx 8282 192.168.10.11 8282 netmask 255.255.255.255
access-group outside_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set RA-TS esp-3des esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP
crypto map VPN_MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 3600
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
vpdn group ATT request dialout pppoe
vpdn group ATT localname ceofarpc@qwest.net
vpdn group ATT ppp authentication pap
vpdn username ceofarpc@qwest.net password ********* store-local
dhcpd dns 205.171.3.65
!
dhcpd address 192.168.10.30-192.168.10.100 inside
dhcpd enable inside
!

group-policy company-vpn-policy internal
group-policy company-vpn-policy attributes
 wins-server value 192.168.10.1
 dns-server value 192.168.10.1
 vpn-idle-timeout 30
username xxxxxx password 8KN8C4LsgZ5qR.W1 encrypted privilege 15
username xxxxxx password Hw9W7sQmoOCYV.Nm encrypted privilege 0
username xxxxxxxxx password PbcY6WDoTdd43zgH encrypted privilege 0
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy company-vpn-policy
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1cea89c5ef9060b690124f6393b88eb2
: end
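
An added check, not part of the original post or of any reply: ASA access lists are evaluated top-down and the first matching entry decides, so an `ip any any` entry makes every later entry in the same list unreachable. The Python sketch below runs that check over the `outside_in` lines copied from the configuration above; the function name `shadowed_entries` and the regular expression are assumptions of this example and cover only the entry forms seen in this config.

```python
import re

# ACL lines copied verbatim from the configuration in the post above.
ACL_LINES = """\
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
access-list outside_in extended permit tcp any any eq www
access-list outside_in extended permit tcp any any eq 8282
access-list outside_in extended permit tcp any any eq https
""".splitlines()

# Address forms handled: "any", "host A.B.C.D", "network mask".
ADDR = r"(?:any|host \S+|\S+ \S+)"
ACE = re.compile(
    r"^access-list (?P<name>\S+) extended (?P<action>permit|deny) "
    rf"(?P<proto>\S+) (?P<src>{ADDR}) (?P<dst>{ADDR})"
)


def shadowed_entries(lines):
    """Return (line_no, entry, blocking_line_no) for unreachable entries.

    An entry is unreachable when an earlier entry in the same access list
    is 'ip any any' (permit or deny), because that entry matches every
    packet and first match wins.
    """
    catch_all = {}  # ACL name -> line number of its first 'ip any any'
    findings = []
    for no, line in enumerate(lines, 1):
        m = ACE.match(line.strip())
        if not m:
            continue  # not an extended ACL entry
        name = m["name"]
        if name in catch_all:
            findings.append((no, line.strip(), catch_all[name]))
        elif (m["proto"], m["src"], m["dst"]) == ("ip", "any", "any"):
            catch_all[name] = no
    return findings


if __name__ == "__main__":
    for no, entry, blocker in shadowed_entries(ACL_LINES):
        print(f"entry {no} is never reached (entry {blocker} matches first): {entry}")
```

On the configuration above this reports the three `permit tcp` entries for www, 8282 and https as unreachable behind `deny ip any any log`.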
ASKER CERTIFIED SOLUTION
qbakies