Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
838
Views
3
Helpful
5
Replies

NAT ASA Mapped to Real Port

Go to solution
keithcclark71
Level 3
Level 3

‎01-26-2024 03:25 PM

I am having a hard time with getting Nat to work from external mapped port to real port. I simply cannot remember how to do this on the AS via ASDM can someone review my screenshots and let me know what I am doing wrong here???

I am trying to get Outside interface port 50222 port forward to Internal IP 192.168.13.4 Port 2222

I am using object NAT

I also have verified internal host 192.168.13.4 is listening on 2222 

 

Preview file
95 KB
Preview file
254 KB
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-26-2024 11:44 PM

@keithcclark71 here is an example NAT rule and ACE (amend ACL name accordingly).

object nat SSHGateway
 host 192.168.13.14
 nat (UW-LAN,Outside-NEW) static interface service tcp 2222 50222
access-list <ACL NAME> permit tcp any object SSHGateway eq 2222

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Kasun Bandara
VIP
VIP

‎01-26-2024 09:20 PM - edited ‎01-26-2024 09:21 PM

@keithcclark71 can you share the capture of NAT rules. specific to this object. 

your real port need to be 2222 (exact port in internal host). mapped port need to be the port used by outside users.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Go to solution
Rob Ingram
VIP
VIP

‎01-26-2024 11:44 PM

@keithcclark71 here is an example NAT rule and ACE (amend ACL name accordingly).

object nat SSHGateway
 host 192.168.13.14
 nat (UW-LAN,Outside-NEW) static interface service tcp 2222 50222
access-list <ACL NAME> permit tcp any object SSHGateway eq 2222

 

0 Helpful

Go to solution
keithcclark71
Level 3
Level 3
In response to Rob Ingram

‎01-28-2024 05:47 PM

Thanks for this Rob I was doing something strange in the GUI where the service objects I created TCP2222 and TCP50222 when I looked at closer were specified as Source tcp 2222 and source tcp 50222. I must have created the service objects differentlt some how I dunno. Its working now though appreciate it

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎01-27-2024 02:17 AM

The NAT correct 

But the ACL is not 

You need to specify the real IP of server and real port.

The flow of traffic in asa 

Ingress-> NAT (or un-NAT) -> ACL

So the ASA allow traffic after NAT and it see Real IP go to server inside since traffic initiate from outside 

Thanks 

MHM

Go to solution
keithcclark71
Level 3
Level 3
In response to MHM Cisco World

‎01-28-2024 05:48 PM

Thanks for pointing that out on the ACL

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card