Static NAT

Vitor Stefaneli · ‎12-05-2014

Hello!

What is wrong with the code below?? I just want to access two RDP servers with the same public IP. I tried to use the port (33890) to differentiate each other. But did not work =/

nat (outside,inside) source static any any destination static interface RDP_Server1 service TCP_3389 TCP_3389
nat (outside,inside) source static any any destination static interface RDP_Server2 service TCP_33890 TCP_3389

object network RDP_Server1
host 192.168.2.16

object network RDP_Server2
host 192.168.2.17

object service TCP_3389
service tcp destination eq 3389

object service TCP_33890
service tcp destination eq 33890

ASA code is 9.2(2)8

Vitor Stefaneli · ‎12-05-2014

An add.

The second line did not work. The first works fine ;)

Vibhor Amrodia · ‎12-05-2014

Hi,

Can you try packet traces for both of them :-

packet input outside tcp 4.2.2.2 3456 <outside interface ip> 3389 det

packet input outside tcp 4.2.2.2 3456 <outside interface ip> 33890 det

Thanks and Regards,

Vibhor Amrodia

Karsten Iwen · ‎12-05-2014

You are configuring it in a quite unusual way. First try it the common way:

object network RDP_Server1
  host 192.168.2.16
  nat (inside,outside) static interface service tcp 3389 3389
object network RDP_Server2
  host 192.168.2.17
  nat (inside,outside) static interface service tcp 3389 33890

And remember that you have to use the real IP/ports in the ACL on the outside interface:

access-list OUTSIDE-IN permit tcp any host 192.168.2.16 eq 3389
access-list OUTSIDE-IN permit tcp any host 192.168.2.17 eq 3389