07-15-2016 04:39 AM - edited 03-12-2019 01:01 AM
I have
I did this
Object network
Object network
I get this following error when I do port forwarding in the
Result:
Action: drop
Drop-reason: (
What am
Please help.
07-15-2016 05:59 AM
Your service object for port 9006 is wrong:
object service port-9006
service tcp destination eq 9006
It should be source not destination:
object service port-9006
service tcp source eq 9006
--
Please remember to select a correct answer and rate helpful posts
07-15-2016 07:03 AM
It is: request on 80 should be forwarded to 9006 so 9006 becomes the destination port, isn't it?
If so, does the command line remain the same?
nat (inside,public-IP) source static obj-10.10.26.6 obj-203.156.213.173 service port-80 port-9006????
07-15-2016 07:17 AM
No, you have to look at it as the server being the source as it is located on the inside and you define the real interface as inside.
07-15-2016 07:43 AM
Hi Marius,
Thank you for your input. Couldn't get what you mean. I am a bit new to this ASA world so can you please help me out.
If this becomes the source port :
object service port-9006
service tcp source eq 9006
What will be the destination port then?
What will be the command line for NAT rules?
07-15-2016 01:17 PM
When you configure inside NAT, that is when you define the inside or private network first in the nat statement (nat (inside,outside)) then you need to look at the NAT statement from the server point of view. It is listening and sending on port 9006, so from the server's point of view this is the source port. So since the server is sending with a source port of 9006 your NAT statement should indicate the port as a source.
Static NAT statements are bidirectional so when traffic comes from the outside to the inside network, it will be the reverse, and then be treated as destination port.
So your NAT statement should look like this.
nat (inside,public-IP) source static obj-10.10.26.6 obj-203.156.213.173 service port-9006 port-80
nat (real_int,mapped_int) source static real_IP mapped_IP service real_port mapped_port
--
Please remember to select a correct answer and rate helpful posts
07-15-2016 09:57 PM
Thank you Marius,
Now,
Previously,
So
object network obj-192.168.0.15
This way from remote office
Hence,
443 is source port and 7443 is destination,
Actually, 201.135.201.73 is my Public IP and 203.156.213.173 is my pool IP that ISP has given and it is
3. Why can't
Thank you in advance.
07-18-2016 10:02 AM
1. If so what changes in the manual nat?
What changes is how you specify the ports. In auto NAT you specify the ports directly after the tcp keyword. In manual NAT you specify the ports in a service object or object group.
2.Why do we use 9006 as source which if we had to do in auto nat would have easily been the destination port?
Auto NAT doesn't use it as a destination port. When the server replies to requests it will use a source port of 9006 not a destination port of 9006. If you use a destination port in the service object it will never match the NAT rule.
3. Why can't I achieve this mapping of pool ip to the server in the inside using the auto nat?
You can use auto NAT if you like. No one is saying you cannot use Auto NAT.
--
Please remember to select a correct answer and rate helpful posts
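The direction logic from the two explanations above (the server's port is the source in the service object, and the static rule is applied in reverse for inbound traffic), as an added Python sketch that is not part of the original thread and not Cisco code. It is a simplified model of one manual static NAT rule with a service clause; the client address 198.51.100.10, the ephemeral port 50000, and the assumption that both service objects of the failing rule use the destination keyword are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StaticNat(NamedTuple):
    # Simplified model (an assumption, TCP only) of:
    # nat (real_int,mapped_int) source static real_IP mapped_IP service real_port mapped_port
    real_ip: str
    mapped_ip: str
    field: str  # keyword in the service objects: "source" or "destination"
    real_port: int
    mapped_port: int

def outbound(rule: StaticNat, p: Packet) -> Optional[Packet]:
    """Translate a packet sent by the real (inside) host, or None if no match."""
    if p.src_ip != rule.real_ip:
        return None
    if rule.field == "source":
        if p.src_port != rule.real_port:
            return None
        return p._replace(src_ip=rule.mapped_ip, src_port=rule.mapped_port)
    if p.dst_port != rule.real_port:
        return None
    return p._replace(src_ip=rule.mapped_ip, dst_port=rule.mapped_port)

def inbound(rule: StaticNat, p: Packet) -> Optional[Packet]:
    """Apply the same rule in reverse to a packet arriving for the mapped IP."""
    if p.dst_ip != rule.mapped_ip:
        return None
    if rule.field == "source":
        # The server's source port is the destination port of inbound traffic.
        if p.dst_port != rule.mapped_port:
            return None
        return p._replace(dst_ip=rule.real_ip, dst_port=rule.real_port)
    if p.src_port != rule.mapped_port:
        return None
    return p._replace(dst_ip=rule.real_ip, src_port=rule.real_port)

SERVER, MAPPED = "10.10.26.6", "203.156.213.173"  # addresses from the thread
CLIENT = "198.51.100.10"  # constructed documentation address
GOOD = StaticNat(SERVER, MAPPED, "source", 9006, 80)      # service tcp source eq ...
BAD = StaticNat(SERVER, MAPPED, "destination", 9006, 80)  # service tcp destination eq ...
REQUEST = Packet(CLIENT, 50000, MAPPED, 80)  # constructed client request
REPLY = Packet(SERVER, 9006, CLIENT, 50000)  # constructed server reply
```

In this model `inbound(GOOD, REQUEST)` is rewritten to 10.10.26.6 port 9006 and `outbound(GOOD, REPLY)` leaves as 203.156.213.173 port 80, while both calls with `BAD` return `None`, which is the "never match" case described in the answer.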
04-26-2020 11:36 PM