BT Youview channels not working since Ive installed ASA 5505

I have recently installed an ASA5505 as a domestic firewall.

The ASA5505 is sitting behind a Netgear DM200 Modem Router.

The setup is as follows:

ADSL Line <-> DM200 (public IP is dynamic)

DM200 (private IP is 10.10.10.1) <-> ASA5505 Outside Interface (10.10.10.2) The network is a /30 subnet.

ASA5505 BT Youview interface (192.168.5.5/24) eth 0/4 <-> BT Youview box

This is a double NAT setup so Ive struggled slightly...

I have been unable to get any of the BT Channels since I installed the ASA.

I have placed the running config below for assistance:

: Saved
:
: Serial Number: JMX1245Z2X7
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
: Written by enable_15 at 16:53:30.759 UTC Sat Jan 13 2018
!
ASA Version 9.2(4)
!
hostname ciscoasa
enable password xxxxxxxxxxxxxxxxxx
names
!
interface Ethernet0/0
 description **Connection to VDSL Router**
 switchport access vlan 2
 switchport trunk allowed vlan 2-3
 switchport trunk native vlan 2
 switchport mode trunk
!
interface Ethernet0/1
!
interface Ethernet0/2
 description **Connection to Training LAN**
 switchport access vlan 1000
!
interface Ethernet0/3
!
interface Ethernet0/4
 description **Connection to BT Youview Box in Bedroom**
 switchport trunk allowed vlan 3-4
 switchport trunk native vlan 4
 switchport mode trunk
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no pim
 no igmp
 igmp forward interface outside
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.10.10.2 255.255.255.252
 no pim
!
interface Vlan3
 nameif igmpjoins
 security-level 0
 ip address 192.168.0.254 255.255.255.0
!
interface Vlan4
 no forward interface Vlan1
 nameif youview
 security-level 90
 ip address 192.168.5.1 255.255.255.0
 igmp forward interface igmpjoins
!
interface Vlan1000
 nameif training-vlan
 security-level 0
 ip address 10.1.1.255 255.255.0.0
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-BTHomeHub3_Upstairs
 host 192.168.1.3
object network inside-BTHomeHub5_Downstairs
 host 192.168.1.2
object network inside-iMac
 host 192.168.1.6
object network inside-ASA
 host 192.168.1.1


object service FTP
 service tcp source range ftp ssh destination range ftp ssh
object network youviewnat
object network youviewclients
 range 192.168.5.5 192.168.5.20
 description dhcp range on youview vlan
object-group network DM_INLINE_NETWORK_1
 network-object object obj_any
 network-object object outside_mycloud.com

 access-list global_access_1 extended permit ip 192.168.1.0 255.255.255.0 any
access-list global_access_1 extended permit ip 192.168.5.0 255.255.255.0 any
access-list global_access_1 extended permit ip any 192.168.5.0 255.255.255.0
access-list outside_access_in extended permit object-group NAS-test any4 192.168.1.0 255.255.255.0
access-list 105 extended permit ip any host 224.1.2.3
access-list youview_access_in extended permit ip object youviewclients any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu igmpjoins 1500
mtu youview 1500
mtu training-vlan 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any pat-pool interface
access-group 105 in interface outside
access-group global_access_1 global
router rip
!
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.67 255.255.255.255 inside
telnet timeout 30
no ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd address 192.168.1.64-192.168.1.192 inside
dhcpd dns 8.8.8.8 4.2.2.2 interface inside
dhcpd lease 604800 interface inside
dhcpd enable inside
!
dhcpd address 192.168.5.5-192.168.5.20 youview
dhcpd dns 62.6.40.178 62.6.40.162 interface youview
dhcpd domain home.edwards.com interface youview
dhcpd enable youview
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
username admin password xxxxxxxxxxxxxx
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:xxxxxxxxxxxxxxxxx
: end

Any help would be extremely appreciated.

Ive tried various approaches and some have gotten me somewhere nearer but Im still missing something.
Brian EdwardsSystems EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian EdwardsSystems EngineerAuthor Commented:
Ive looked at the thread below prior to posting this question but it didn't completely work.

https://community.bt.com/t5/YouView-Boxes/Cisco-ASA-and-YouView-multicast/td-p/1190068
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.