https://community.cisco.com/t5/network-security/asa-port-forwarding/m-p/2893070#M172276 <P>Hi,</P> <P></P> <P>Looking to your configuration lines is NAT is well configured though the service objects you need to take in consideration the NAT used is trying to NAT the source and not the destination both of them have to be configured as "source eq" rule is going from source to destination is more a matter of perspective&nbsp;</P> <P></P> <P></P> <P>object network&nbsp;<SPAN>obj-192.01</SPAN></P> <P>host 192.168.0.1</P> <P></P> <P>object service&nbsp;<SPAN>obj-ssh&nbsp;</SPAN></P> <P>service tcp destination eq 22</P> <P></P> <P><SPAN>object service&nbsp;</SPAN><SPAN>&nbsp;obj-ssh2000</SPAN></P> <P><SPAN>service tcp destination eq 2000</SPAN></P> <P></P> <P>nat ( inside,outside)&nbsp;source static obj-192.01 interface service obj-ssh obj-ssh2000</P> Tue, 23 Feb 2016 14:35:49 GMT kvaldelo 2016-02-23T14:35:49Z https://community.cisco.com/t5/network-security/asa-port-forwarding/m-p/2893069#M172275 <P>Hi All,&nbsp;</P> <P></P> <P>I am trying to do a port forwarding if it is received on the outside interface with ip address of 1.1.1.1 and port 2000</P> <P>this packet should be translated to destination address 192.168.0.1 and port 22</P> <P></P> <P>here is what I have &nbsp;and it doesn't work</P> <P></P> <P>object network&nbsp;<SPAN>obj-192.01 </SPAN></P> <P>host 192.168.0.1</P> <P></P> <P>object service&nbsp;<SPAN>obj-ssh&nbsp;</SPAN></P> <P>service tcp destination eq 22</P> <P></P> <P><SPAN>object service&nbsp;</SPAN><SPAN>&nbsp;obj-ssh2000</SPAN></P> <P><SPAN>service tcp destination eq 2000</SPAN></P> <P></P> <P>nat ( inside,outside)&nbsp;source static obj-192.01 interface service obj-ssh obj-ssh2000</P> <P></P> <P>I have also tried to have the object as "<SPAN>service tcp destination eq 22 source eq 22" with no luck . Why does the service object has source and destination and is it really used or just the port numbers are used rather than source and destination ?</SPAN></P> <P><SPAN>I am thinking of next using "service-object port ".</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>the only way I can get it to work is&nbsp;</SPAN></P> <P><SPAN>object network&nbsp;</SPAN><SPAN>obj-192.01</SPAN></P> <P><SPAN>nat (inside,outside) static interface service tcp 22 2000</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>why does it not work if not defined using object nat ?</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>also if I make it unidirectional does this mean all incoming connection from outside will use that rule and any traffic matching that critiria will use other nat rules?</SPAN></P> <P><SPAN></SPAN></P> Tue, 12 Mar 2019 07:23:11 GMT https://community.cisco.com/t5/network-security/asa-port-forwarding/m-p/2893069#M172275 cisco8887 2019-03-12T07:23:11Z https://community.cisco.com/t5/network-security/asa-port-forwarding/m-p/2893070#M172276 <P>Hi,</P> <P></P> <P>Looking to your configuration lines is NAT is well configured though the service objects you need to take in consideration the NAT used is trying to NAT the source and not the destination both of them have to be configured as "source eq" rule is going from source to destination is more a matter of perspective&nbsp;</P> <P></P> <P></P> <P>object network&nbsp;<SPAN>obj-192.01</SPAN></P> <P>host 192.168.0.1</P> <P></P> <P>object service&nbsp;<SPAN>obj-ssh&nbsp;</SPAN></P> <P>service tcp destination eq 22</P> <P></P> <P><SPAN>object service&nbsp;</SPAN><SPAN>&nbsp;obj-ssh2000</SPAN></P> <P><SPAN>service tcp destination eq 2000</SPAN></P> <P></P> <P>nat ( inside,outside)&nbsp;source static obj-192.01 interface service obj-ssh obj-ssh2000</P> Tue, 23 Feb 2016 14:35:49 GMT https://community.cisco.com/t5/network-security/asa-port-forwarding/m-p/2893070#M172276 kvaldelo 2016-02-23T14:35:49Z