?
Solved

BT Youview channels not working since Ive installed ASA 5505

Posted on 2018-01-13
1
Low Priority
?
33 Views
Last Modified: 2018-02-06
I have recently installed an ASA5505 as a domestic firewall.

The ASA5505 is sitting behind a Netgear DM200 Modem Router.

The setup is as follows:

ADSL Line <-> DM200 (public IP is dynamic)

DM200 (private IP is 10.10.10.1) <-> ASA5505 Outside Interface (10.10.10.2) The network is a /30 subnet.

ASA5505 BT Youview interface (192.168.5.5/24) eth 0/4 <-> BT Youview box

This is a double NAT setup so Ive struggled slightly...

I have been unable to get any of the BT Channels since I installed the ASA.

I have placed the running config below for assistance:

: Saved
:
: Serial Number: JMX1245Z2X7
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
: Written by enable_15 at 16:53:30.759 UTC Sat Jan 13 2018
!
ASA Version 9.2(4)
!
hostname ciscoasa
enable password xxxxxxxxxxxxxxxxxx
names
!
interface Ethernet0/0
 description **Connection to VDSL Router**
 switchport access vlan 2
 switchport trunk allowed vlan 2-3
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Ethernet0/1
!
interface Ethernet0/2
 description **Connection to Training LAN**
 switchport access vlan 1000
!
interface Ethernet0/3
!
interface Ethernet0/4
 description **Connection to BT Youview Box in Bedroom**
 switchport trunk allowed vlan 3-4
 switchport trunk native vlan 4
 switchport mode trunk
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no pim
 no igmp
 igmp forward interface outside
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.10.10.2 255.255.255.252
 no pim
!
interface Vlan3
 nameif igmpjoins
 security-level 0
 ip address 192.168.0.254 255.255.255.0
!
interface Vlan4
 no forward interface Vlan1
 nameif youview
 security-level 90
 ip address 192.168.5.1 255.255.255.0
 igmp forward interface igmpjoins
!
interface Vlan1000
 nameif training-vlan
 security-level 0
 ip address 10.1.1.255 255.255.0.0
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-BTHomeHub3_Upstairs
 host 192.168.1.3
object network inside-BTHomeHub5_Downstairs
 host 192.168.1.2
object network inside-iMac
 host 192.168.1.6
object network inside-ASA
 host 192.168.1.1


object service FTP
 service tcp source range ftp ssh destination range ftp ssh
object network youviewnat
object network youviewclients
 range 192.168.5.5 192.168.5.20
 description dhcp range on youview vlan
object-group network DM_INLINE_NETWORK_1
 network-object object obj_any
 network-object object outside_mycloud.com

 access-list global_access_1 extended permit ip 192.168.1.0 255.255.255.0 any
access-list global_access_1 extended permit ip 192.168.5.0 255.255.255.0 any
access-list global_access_1 extended permit ip any 192.168.5.0 255.255.255.0
access-list outside_access_in extended permit object-group NAS-test any4 192.168.1.0 255.255.255.0
access-list 105 extended permit ip any host 224.1.2.3
access-list youview_access_in extended permit ip object youviewclients any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu igmpjoins 1500
mtu youview 1500
mtu training-vlan 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any pat-pool interface
access-group 105 in interface outside
access-group global_access_1 global
router rip
!
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.67 255.255.255.255 inside
telnet timeout 30
no ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd address 192.168.1.64-192.168.1.192 inside
dhcpd dns 8.8.8.8 4.2.2.2 interface inside
dhcpd lease 604800 interface inside
dhcpd enable inside
!
dhcpd address 192.168.5.5-192.168.5.20 youview
dhcpd dns 62.6.40.178 62.6.40.162 interface youview
dhcpd domain home.edwards.com interface youview
dhcpd enable youview
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
username admin password xxxxxxxxxxxxxx
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:xxxxxxxxxxxxxxxxx
: end

Any help would be extremely appreciated.

Ive tried various approaches and some have gotten me somewhere nearer but Im still missing something.
0
Comment
Question by:Brian Edwards
1 Comment
 

Accepted Solution

by:
Brian Edwards earned 0 total points
ID: 42433651
Ive looked at the thread below prior to posting this question but it didn't completely work.

https://community.bt.com/t5/YouView-Boxes/Cisco-ASA-and-YouView-multicast/td-p/1190068
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question