07-30-2018 04:31 AM - edited 02-21-2020 08:02 AM
I'm a bit confused.
I have a DMZ server that needs access from a company for remote access, but they need to access many ports, i.e. SSH, HTTPS, SSDP and FTP.
Object NAT works for one port and one object, but I don't want to have to create many objects for the same DMZ server IP address.
I have tried Twice NAT with the same configuration as the object, but Twice NAT doesn't work:
nat (inside,Outside) source static DMZServer interface service https https
!
object network DMZServer
nat (inside,Outside) static interface service tcp https https
The firewall blocks the connection for the twice NAT. How can I get a working NAT so I can list the many ports required and use the same object?
07-30-2018 06:11 AM - edited 07-30-2018 06:12 AM
Object NAT DMZ to outside (bidirectional), any (don't use ports), and let the outside interface ACL permit the ports.
Remember to do a no-NAT from inside to DMZ so you can actually still access the server for management.
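The approach in the reply above, written out as an added example (not configuration posted in the thread): one static object NAT with no service ports, and the port list kept in the outside ACL. The host address 10.10.10.10, the partner source range 198.51.100.0/24, the group name DMZServer-TCP and the ACL name OUTSIDE_IN are constructed placeholders; the interface names and the DMZServer object name are taken from the question.

```cisco
! Added example; addresses and the ACL/group names are placeholders.
object network DMZServer
 host 10.10.10.10
 ! No "service" keywords: every port on the outside interface address
 ! is translated to the server, so the ACL below is the only port filter.
 nat (inside,Outside) static interface
!
! TCP ports from the question, kept in one group so the list is edited here
object-group service DMZServer-TCP tcp
 port-object eq ssh
 port-object eq https
 port-object eq ftp
!
! On 8.3 and later the ACL matches the real (untranslated) address, so the
! network object can be used directly as the destination.
! The source is limited to the partner's range instead of "any".
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 object DMZServer object-group DMZServer-TCP
! SSDP is UDP port 1900
access-list OUTSIDE_IN extended permit udp 198.51.100.0 255.255.255.0 object DMZServer eq 1900
access-group OUTSIDE_IN in interface Outside
```

Because the NAT rule no longer restricts ports, the outside ACL carries the whole exposure of the server; anything not listed there is dropped by the implicit deny.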
07-30-2018 09:13 AM - edited 07-30-2018 09:13 AM
I found that removing the service ports makes the NAT statement work as you suggested, but why doesn't it work when you add the service ports?
Any way to add the service ports in the NAT? I've done this before but can't seem to work it out now, wondering if migrating to 9 to 9.2(4) has made any changes to the way NAT works?