ASA Port forwarding

cisco8887 · ‎02-23-2016

Hi All,

I am trying to do a port forwarding if it is received on the outside interface with ip address of 1.1.1.1 and port 2000

this packet should be translated to destination address 192.168.0.1 and port 22

here is what I have and it doesn't work

object network obj-192.01

host 192.168.0.1

object service obj-ssh

service tcp destination eq 22

object service obj-ssh2000

service tcp destination eq 2000

nat ( inside,outside) source static obj-192.01 interface service obj-ssh obj-ssh2000

I have also tried to have the object as "service tcp destination eq 22 source eq 22" with no luck . Why does the service object has source and destination and is it really used or just the port numbers are used rather than source and destination ?

I am thinking of next using "service-object port ".

the only way I can get it to work is

object network obj-192.01

nat (inside,outside) static interface service tcp 22 2000

why does it not work if not defined using object nat ?

also if I make it unidirectional does this mean all incoming connection from outside will use that rule and any traffic matching that critiria will use other nat rules?

kvaldelo · ‎02-23-2016

Hi,

Looking to your configuration lines is NAT is well configured though the service objects you need to take in consideration the NAT used is trying to NAT the source and not the destination both of them have to be configured as "source eq" rule is going from source to destination is more a matter of perspective

object network obj-192.01

host 192.168.0.1

object service obj-ssh

service tcp destination eq 22

object service obj-ssh2000

service tcp destination eq 2000

nat ( inside,outside) source static obj-192.01 interface service obj-ssh obj-ssh2000