NAT routing and port forwarding on Cisco ASA 5505

Solution 1:

Your cleanup rule on your inside interface has nothing to do with your issue.

Modern firewalls are stateful, so you don't need to explicitly allow traffic to go back to the original source.

What you need to do is to allow traffic from ANY to the NATed IP of your server.

access-list outside_access_in extended permit udp any host W_BASE object-group W_UDP

Then do a simple static NAT.

static (inside,outside) interface W_BASE netmask 255.255.255.255

Since you are not forwarding the ports, you can keep your NAT very simple and simply open the correct ports with your ACL.

You could also simplify your service objects like so:

object-group service W_Ports
 service-object tcp eq 3005
 service-object udp range 3000 3002

Then use W_Ports instead of having W_UDP and W_TCP.

Your ACL would then look like this:

access-list outside_access_in extended permit object-group W_Ports any object-group W_BASE

UPDATED version:

access-list outside_access_in extended permit object-group W_UDP any host W_BASE
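
Added example, not part of the original answer: because the answer relies on the ACL rather than the NAT rule to limit which ports are reachable, this Python sketch expands the service object-group and lists what an outside ACL actually permits from any source to the NATed host, then reports anything outside an allowlist. The function names and the sample config are constructed for illustration; it assumes the "service-object" group form and inline "eq"/"range" operators only, and raises on anything else.

```python
import re

# Constructed sample built from the answer's forms; the last rule is an added over-broad one.
SAMPLE_CONFIG = """\
object-group service W_Ports
 service-object tcp eq 3005
 service-object udp range 3000 3002
access-list outside_access_in extended permit object-group W_Ports any host W_BASE
access-list outside_access_in extended permit tcp any host W_BASE
"""

def port_span(tokens):
    """['eq','3005'] or ['range','3000','3002'] -> (lo, hi); no operator means every port."""
    if not tokens:
        return 0, 65535
    if tokens[0] == "eq":
        return int(tokens[1]), int(tokens[1])
    if tokens[0] == "range":
        return int(tokens[1]), int(tokens[2])
    raise ValueError(f"unsupported port specification: {tokens}")

def service_groups(config):
    """Map each 'object-group service' name to its (proto, lo, hi) service-objects."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "service"]:
            current = groups.setdefault(words[2], [])
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the group
        elif current is not None and words[:1] == ["service-object"]:
            current.append((words[1], *port_span(words[2:])))
    return groups

def exposed(config, acl, host):
    """List (proto, lo, hi) that `acl` permits from any source to `host`."""
    groups, out = service_groups(config), []
    rule = re.compile(rf"access-list {re.escape(acl)} extended permit (.+?) any host {re.escape(host)}\b(.*)")
    for line in config.splitlines():
        m = rule.match(line)
        if m and m.group(1).startswith("object-group "):
            out.extend(groups.get(m.group(1).split()[1], []))
        elif m:
            out.append((m.group(1), *port_span(m.group(2).split())))
    return out

def outside_allowlist(services, allowed):
    """Exposures not fully covered by an allowed (proto, lo, hi) entry."""
    return [s for s in services
            if not any(s[0] == p and lo <= s[1] and s[2] <= hi for p, lo, hi in allowed)]
```

Run against the sample, the audit reports the bare "permit tcp any host W_BASE" rule as exposing every TCP port, while the W_Ports rule stays within the allowlist.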