cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2091
Views
0
Helpful
6
Replies

ASA port forwarding problem from port 222 to 22

robinandjiang
Level 1
Level 1

the request is when the traffic hit the public IP on port 222, i need to redirect to a internal server on port 22.

mu configuration is like this:

 

object network FTP-Access
nat (dmz2,outside) static FTP-SVR-Public service tcp ssh 222

access-list global_access extended permit tcp any object FTP-Access eq 222

access-group global_access global

 

but it doesn't work.

please help.

 

thanks

 

 

6 Replies 6

Hi,
You need to reference the real port in the ACL, which would be 22.

HTH

i tried both the ports in ACL, but didn't work, even no traffic hit the rule.

Is your static nat rule above the dynamic nat rule used for outbound access? Provide the output of "show nat" if unsure

Also run packet-tracer on the cli and provide the output

the static nat is above the dynamic nat, we using different public IP for different port forwarding, and the PAT still go through the main public IP.

object network FTP-Access
nat (dmz2,outside) static FTP-SVR-Public service tcp ssh 222
!
nat (dmz2,outside) after-auto source dynamic any interface

 

 

Ok, fine. What about providing the output from packet-tracer for review?

the configuration has been changed , because we decided to use the same port 22 and it works fine. 

thanks for you help.

i will set up a lab to do more tests for this issue.

 

thanks 

Review Cisco Networking for a $25 gift card