I'm in the process of upgrading from an old WRT54GL running Tomato to a Cisco ASA 5505, versioning as follows:
Cisco Adaptive Security Appliance Software Version 9.1(5)21
Device Manager Version 7.4(1)
On Tomato I had configured a simple port forward directing all traffic coming in on port 5060 to the Asterisk server's local IP address, also port 5060. I can't seem to achieve the same thing with the ASA 5505.
I have another port forward to an internal webserver that works just fine, so why does the port forward for SIP traffic not work?! I have configured them both the same way...
Asterisk Host/NAT/Access List (this does NOT work)
object network Asterisk_TCP
host 192.168.89.15
nat (inside,outside) static interface service tcp 5060 5060
object network Asterisk_UDP
host 192.168.89.15
nat (inside,outside) static interface service udp 5060 5060
access-list INBOUND extended permit tcp any object Asterisk_TCP eq 5060
access-list INBOUND extended permit udp any object Asterisk_UDP eq 5060
Webserver Host/NAT/Access List (this DOES work!)
object network Webserver
host 192.168.89.14
nat (inside,outside) static interface service tcp 80 80
access-list INBOUND extended permit tcp any object Webserver eq 80
Using this service checking tool for testing, port 80 works just fine whereas port 5060 says "Connection Refused."
I don't understand how this can be seeing as I used the exact same configuration for both requirements! Any help would be greatly appreciated!
No comments:
Post a Comment