https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415599#M270999 <HTML><HEAD></HEAD><BODY><P>sure will do, there is also another object with a different name but same ip- </P><P></P><P>object network websrv1</P><P>host 10.110.100.10</P><P> nat (inside,Outside) static 4.4.4.4 service tcp https 5676</P><P></P><P>This Nat rule works. Could this be preventing it? </P></BODY></HTML> Thu, 23 Jan 2014 20:55:41 GMT sandevsingh 2014-01-23T20:55:41Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415595#M270995 <P>Hi, we are having a requirement to use the same public IP to ssh into different internal servers using port re-direction. So lets say from outside, if a user does <SPAN style="text-decoration: underline;">ssh @ root 4.4.4.4 2222</SPAN>, it should go to a sshsrv1 and then <SPAN style="font-size: 10pt;"><SPAN style="text-decoration: underline;">ssh @ root 4.4.4.4 2223</SPAN> to sshsrv2</SPAN></P><P></P><P>My config is like this:-</P><P>object network sshsrv1</P><P>host 10.110.100.10</P><P> nat (inside,Outside) static 4.4.4.4 service tcp 22 2222</P><P></P><P>And then i allowed the object "sshsrv1" in my inbound acl from outside. </P><P></P><P>It dosen`t seem to work. Is this doeable?</P><P></P><P>Any suggestions??</P> Tue, 12 Mar 2019 03:34:54 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415595#M270995 sandevsingh 2019-03-12T03:34:54Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415596#M270996 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Did you allow the traffic using the real destination port of TCP/22?</P><P></P><P>You mentioned already that you allowed the traffic by using the created <STRONG>"object"</STRONG> named <STRONG>"sshsrv1".</STRONG> And since the new NAT configuration format and operation you will have to allow the traffic to the local IP address and also the local port.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 23 Jan 2014 20:36:01 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415596#M270996 Jouni Forss 2014-01-23T20:36:01Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415597#M270997 <HTML><HEAD></HEAD><BODY><P>Hi Jouni, all traffic is allowed to "sshsrv1 and 2". </P></BODY></HTML> Thu, 23 Jan 2014 20:44:01 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415597#M270997 sandevsingh 2014-01-23T20:44:01Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415598#M270998 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Would need to see your NAT configurations.</P><P></P><P>There is a possibility that you have a NAT configuration that might be preventing this from working. Then again you are using an extra public IP address for this so it seems strange.</P><P></P><P>Could you try the <STRONG>"packet-tracer"</STRONG> command </P><P></P><P><STRONG>packet-tracer input outside tcp <RANDOM source="" ip=""> 12345 <NAT ip=""> 2222</NAT></RANDOM></STRONG></P><P></P><P>This should tell us if there is some problem in the ASA configurations.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 23 Jan 2014 20:47:25 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415598#M270998 Jouni Forss 2014-01-23T20:47:25Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415599#M270999 <HTML><HEAD></HEAD><BODY><P>sure will do, there is also another object with a different name but same ip- </P><P></P><P>object network websrv1</P><P>host 10.110.100.10</P><P> nat (inside,Outside) static 4.4.4.4 service tcp https 5676</P><P></P><P>This Nat rule works. Could this be preventing it? </P></BODY></HTML> Thu, 23 Jan 2014 20:55:41 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415599#M270999 sandevsingh 2014-01-23T20:55:41Z https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415600#M271000 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>That NAT configuration should cause no problems. Its just a Static PAT for another port so there should be no problem with that.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 23 Jan 2014 21:09:52 GMT https://community.cisco.com/t5/network-security/using-one-public-ip-for-ssh-ing-to-different-internal-servers/m-p/2415600#M271000 Jouni Forss 2014-01-23T21:09:52Z