11-25-2017 07:13 AM - edited 02-21-2020 06:49 AM
Dear all,
I want to do a static NAT/PAT to reach a server from outside. I need help with port translation.
I have the internal IP address: 192.168.1.120
external IP address: 85.39.109.155
If I want to reach port 80 of the server .120 but this port is already used on my public address 85.39.109.155, can I adopt this solution on ASA post 8.3?
object network obj-192.168.1.120_80
host 192.168.1.120
nat (inside,outside) static 85.39.109.155 service tcp 8090 80
access-list outside_access_in extended permit tcp external_network host 192.168.1.120 eq 80
Thank you,
Daniele
11-27-2017 12:38 AM
Hi Daniele,
Try the following:
!
object network obj-192.168.1.120_80
host 192.168.1.120
nat (inside,outside) static interface service tcp 80 8090
!
access-list outside_access_in extended permit tcp any4 host 192.168.1.120 eq 80
!
cheers,
Seb.
11-27-2017 01:00 AM
Hi,
I need to specify the public IP address because this is not the interface IP address. About the port, do I need to specify 80 first and then 8080?
11-27-2017 01:19 AM
Ah I see. Regarding the port number positions in the nat statement, they reflect the position of the interface names (inside, outside) / 80 8090
cheers,
Seb.
11-27-2017 03:32 AM
Hi, I did the NAT and ACL but it seems that it doesn't work :(
object network obj-192.168.1.120_22_2
host 192.168.1.120
nat (inside,outside) static 85.39.109.155 service tcp 22 2222
access-list outside_access_in line 23 extended permit tcp 212.210.172.192 255.255.255.192 host 192.168.1.120 eq 22
I did an SSH from PuTTY to port 2222 on IP 85.39.109.155 but the session was refused.
11-27-2017 03:36 AM
What is the output from:
packet-tracer input outside tcp 212.210.172.193 45000 85.39.109.155 2222
11-27-2017 03:47 AM
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 85.39.109.155 255.255.255.255 identity
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rul
It seems that the ACL drops the traffic, but now I have configured a permit any any in line 1 and the result of the packet-tracer is the same.
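Editor's added example, not part of the thread or written by any poster: a small Python parser for the packet-tracer output posted above that reports the dropping phase, whether any UN-NAT phase ran, and whether the ASA treated the packet as addressed to itself. It relies on packet-tracer showing a phase of type UN-NAT when a static NAT rule un-translates the destination, and on "NP Identity Ifc" being the ASA's own identity interface; the names parse_trace and diagnose are hypothetical.

```python
import re

# Packet-tracer output from the post above, trimmed of Subtype / Additional Information lines.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
in 85.39.109.155 255.255.255.255 identity
Phase: 2
Type: ROUTE-LOOKUP
Result: ALLOW
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Result:
input-interface: outside
output-interface: NP Identity Ifc
Action: drop
"""

def parse_trace(text):
    """Split packet-tracer output into per-phase dicts plus the final summary."""
    phases, summary, current = [], {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z-]+):\s*(.*)$", line)
        if not m:
            continue                   # free-text lines such as "Implicit Rule"
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "phase":
            current = {"phase": int(value)}
            phases.append(current)
        elif key == "result" and value == "":
            current = summary          # a bare "Result:" starts the summary block
        elif current is not None:
            current.setdefault(key, value)
    return phases, summary

def diagnose(text):
    """Report the first dropping phase and whether destination NAT was applied."""
    phases, summary = parse_trace(text)
    drop = next((p for p in phases if p.get("result") == "DROP"), None)
    return {
        "drop_phase": drop and (drop["phase"], drop["type"]),
        "un_nat_seen": any(p.get("type") == "UN-NAT" for p in phases),
        "to_the_box": summary.get("output-interface") == "NP Identity Ifc",
    }
```

For the trace in this thread it returns a drop at phase 3 with no UN-NAT phase and to_the_box set, which is the pattern to check the NAT rule against before changing the ACL again.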