06-28-2018 05:10 PM - edited 02-21-2020 07:55 AM
Hello, I have a problem and don't know how to solve it.
Need: Publish a port on the firewall and forward it to a known port on a private server.
Public IP:8080 -> Private IP:80
I already have some configuration that works, but on the DMZ interface:
If I do:
packet-tracer input outside tcp somepublicIP 23442 MypublicIP 2222
It works perfectly, but if I do:
packet-tracer input outside tcp somepublicIP 23442 MypublicIP 8080
It does not work, so I am thinking that the problem is the NAT (PAT) that is not doing it right.
nat (inside,outside) source static OBJ-192.168.24.106 interface service OBJ-TCP-www OBJ-TCP-8080
06-28-2018 09:12 PM
06-29-2018 05:49 AM
Hello, ok
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop external_ip using egress ifc identity
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
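An added example, not posted by anyone in this thread: a small Python parser for packet-tracer output like the trace above. It reports which phase dropped the flow and flags two signals visible in this trace: no UN-NAT phase ran (on an ASA, an inbound flow that matches a static NAT rule normally shows one), and the egress resolved to the identity interface, which is how the ASA labels traffic addressed to itself. The function names are hypothetical and the sample is abridged from the post.

```python
import re

# Constructed sample: abridged from the packet-tracer output posted above.
SAMPLE = """\
Phase: 3
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
found next-hop external_ip using egress ifc identity
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Result:
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_phases(text):
    """Split packet-tracer output into one dict per 'Phase: N' block."""
    phases = []
    for block in re.split(r"(?m)^Phase:\s*", text)[1:]:
        # The closing 'Result:' summary (empty value) is not part of a phase.
        body = re.split(r"(?m)^Result:\s*$", block)[0]
        f = dict(re.findall(r"(?m)^(Type|Subtype|Result):[ \t]*(.*)$", body))
        phases.append({"n": int(body.split()[0]), "type": f.get("Type", ""),
                       "subtype": f.get("Subtype", ""), "result": f.get("Result", "")})
    return phases

def summarize(text):
    """Report the dropping phase and the NAT-related signals in the trace."""
    phases = parse_phases(text)
    drop = next((p for p in phases if p["result"] == "DROP"), None)
    return {
        "drop_phase": drop["n"] if drop else None,
        "drop_type": drop["type"] if drop else None,
        "un_nat_seen": any(p["type"] == "UN-NAT" for p in phases),
        "egress_identity": bool(re.search(r"(?i)egress ifc\s+identity", text)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the posted trace this reports a drop at phase 5 (ACCESS-LIST), no UN-NAT phase, and an identity egress.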
06-30-2018 09:54 AM
07-11-2018 07:39 AM
Well, sorry for taking so long. I moved the NAT rule a few positions up and the problem went away. So I really don't understand why, but the problem is solved.