NAT ASA Mapped to Real Port

keithcclark71
Level 3

I am having a hard time getting NAT to work from an external mapped port to a real port. I simply cannot remember how to do this on the ASA via ASDM. Can someone review my screenshots and let me know what I am doing wrong here?

I am trying to get Outside interface port 50222 to port forward to internal IP 192.168.13.4 port 2222.

I am using object NAT.

I have also verified that internal host 192.168.13.4 is listening on 2222.

 

1 Accepted Solution

@keithcclark71 here is an example NAT rule and ACE (amend ACL name accordingly).

object network SSHGateway
 host 192.168.13.14
 nat (UW-LAN,Outside-NEW) static interface service tcp 2222 50222
access-list <ACL NAME> permit tcp any object SSHGateway eq 2222

 

5 Replies

@keithcclark71 can you share a capture of the NAT rules specific to this object?

Your real port needs to be 2222 (the exact port on the internal host). The mapped port needs to be the port used by outside users.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Thanks for this, Rob. I was doing something strange in the GUI: the service objects I created, TCP2222 and TCP50222, when I looked closer, were specified as source tcp 2222 and source tcp 50222. I must have created the service objects differently somehow, I dunno. It's working now though, appreciate it.

The NAT is correct.

But the ACL is not.

You need to specify the real IP of the server and the real port.

The flow of traffic in the ASA:

Ingress -> NAT (or un-NAT) -> ACL

So the ASA allows traffic after NAT, and it sees the real IP going to the server inside, since the traffic is initiated from outside.

Thanks 

MHM

Thanks for pointing that out on the ACL
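
The ordering discussed in the thread (un-NAT first, then the ACL) can be checked mechanically. The following is an added example, not code from any poster or from Cisco: it parses a constructed config and flags access-list entries that permit the mapped port instead of the real one. The ACL name `OUTSIDE_IN`, the function names and the sample config are assumptions, and the regexes only cover the rule shapes shown in this thread.

```python
import re

# Constructed sample config; the ACL name OUTSIDE_IN is hypothetical.
SAMPLE = """\
object network SSHGateway
 host 192.168.13.4
 nat (UW-LAN,Outside-NEW) static interface service tcp 2222 50222
access-list OUTSIDE_IN extended permit tcp any object SSHGateway eq 50222
access-list OUTSIDE_IN extended permit tcp any object SSHGateway eq 2222
access-list OUTSIDE_IN extended permit tcp any host 192.168.13.4 eq 2222
"""

NAT_RE = re.compile(r"^\s+nat \(\S+,\S+\) static interface service (tcp|udp) (\d+) (\d+)$")
ACE_RE = re.compile(r"^access-list \S+ (?:extended )?permit (tcp|udp) any "
                    r"(?:object (\S+)|host (\S+)) eq (\d+)$")


def parse_port_forwards(config):
    """Return {object_name: {host, proto, real, mapped}} for static PAT objects."""
    forwards, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
            forwards[current] = {}
        elif not line.startswith(" "):
            current = None  # left the object's indented sub-commands
        elif current and line.strip().startswith("host "):
            forwards[current]["host"] = line.split()[1]
        elif current and (m := NAT_RE.match(line)):
            forwards[current].update(proto=m[1], real=int(m[2]), mapped=int(m[3]))
    return {n: f for n, f in forwards.items() if "real" in f and "host" in f}


def check_aces(config):
    """Classify each ACE that targets a port-forwarded host as (port, verdict)."""
    forwards = parse_port_forwards(config)
    by_host = {f["host"]: f for f in forwards.values()}
    results = []
    for line in config.splitlines():
        m = ACE_RE.match(line)
        fwd = m and (forwards.get(m[2]) if m[2] else by_host.get(m[3]))
        if not fwd or fwd["proto"] != m[1]:
            continue
        port = int(m[4])
        # The ACL is evaluated after un-NAT, so only the real port can match.
        verdict = "ok" if port == fwd["real"] else (
            "uses-mapped-port" if port == fwd["mapped"] else "wrong-port")
        results.append((port, verdict))
    return results
```

On the constructed sample, the first entry is reported as `uses-mapped-port` and the two entries written against port 2222 are reported as `ok`.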