08-09-2015 12:09 AM - edited 03-11-2019 11:24 PM
NAT'ing external port 8080 to go to port 80 internally isn't working for me. Seems the auto/dynamic NAT statement for the server is working, and will just forward to port 80 when I try it, but not port 8080. Searched all over and it seems I have all of the needed components for what I am trying to do (and worked fine in 8.2).
But since the NAT statement is getting 0 hits, I'm thinking I might be missing a key statement for 9.1:
(1.1.1.1 = ext./public IP and 192.168.1.100 = internal IP)
object network srv1
host 192.168.1.100
object network srv1_ext
host 1.1.1.1
object network srv1-01
host 192.168.1.100
access-list outside_access_in extended permit tcp any4 object srv1 eq 8080
object network srv1
nat (inside,outside) static srv1_ext
object network obj_any
nat (inside,outside) dynamic interface
object network srv1-01
nat (inside,outside) static srv1_ext service tcp 8080 80
Even tried removing the "nat (inside,outside) static srv1_ext" statement in case that was getting hit first, and it didn't make a difference.
-Ed
Solved! Go to Solution.
08-09-2015 01:30 AM
The users on the Internet use port 8080 and your server is using port 80? Then your commands are wrong:
access-list outside_access_in permit tcp any4 object srv1 eq 80 ! object network srv1-01 nat (inside,outside) static srv1_ext service tcp 80 8080
08-09-2015 01:30 AM
The users on the Internet use port 8080 and your server is using port 80? Then your commands are wrong:
access-list outside_access_in permit tcp any4 object srv1 eq 80 ! object network srv1-01 nat (inside,outside) static srv1_ext service tcp 80 8080
08-11-2015 10:22 AM
That did it, but I had started with the ports the way you described and it appeared that only port 80 was working...
What I *also* had to do was eliminate this NAT statement:
object network srv1
nat (inside,outside) static srv1_ext
Otherwise it came before the other statement and allowed port 80 and 8080 would never work.
I eventually took that general NAT statement and refined to to the other service I wanted to allow for the server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide