01-23-2014 12:29 PM - edited 03-11-2019 08:34 PM
Hi, we are having a requirement to use the same public IP to ssh into different internal servers using port re-direction. So let's say from outside, if a user does ssh @ root 4.4.4.4 2222, it should go to sshsrv1 and then ssh @ root 4.4.4.4 2223 to sshsrv2.
My config is like this:-
object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222
And then I allowed the object "sshsrv1" in my inbound ACL from outside.
It doesn't seem to work. Is this doable?
Any suggestions??
01-23-2014 12:36 PM
Hi,
Did you allow the traffic using the real destination port of TCP/22?
You mentioned already that you allowed the traffic by using the created "object" named "sshsrv1". And since the new NAT configuration format and operation, you will have to allow the traffic to the local IP address and also the local port.
- Jouni
01-23-2014 12:44 PM
Hi Jouni, all traffic is allowed to "sshsrv1 and 2".
01-23-2014 12:47 PM
Hi,
Would need to see your NAT configurations.
There is a possibility that you have a NAT configuration that might be preventing this from working. Then again you are using an extra public IP address for this so it seems strange.
Could you try the "packet-tracer" command
packet-tracer input outside tcp
This should tell us if there is some problem in the ASA configurations.
- Jouni
01-23-2014 12:55 PM
Sure, will do. There is also another object with a different name but same ip-
object network websrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp https 5676
This Nat rule works. Could this be preventing it?
01-23-2014 01:09 PM
Hi,
That NAT configuration should cause no problems. It's just a Static PAT for another port so there should be no problem with that.
- Jouni
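The ACL point from Jouni's first reply and the packet-tracer check from his second, written out as an added example that is not part of the original thread. The ACL name OUTSIDE_IN, the sshsrv2 address 10.110.100.11, and the test source 198.51.100.10 port 12345 are constructed placeholders; the sshsrv1 object and the mapped address and ports are the ones quoted in the posts.

```text
! Static PAT: one public IP, a different mapped port per internal SSH server
object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222
object network sshsrv2
 ! constructed address, not given in the thread
 host 10.110.100.11
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2223
!
! With the new NAT format the inbound ACL is matched against the REAL
! (local) address and port, so the entry must say eq 22.
! An entry written against the mapped port would not match this traffic:
!   access-list OUTSIDE_IN extended permit tcp any object sshsrv1 eq 2222
access-list OUTSIDE_IN extended permit tcp any object sshsrv1 eq 22
access-list OUTSIDE_IN extended permit tcp any object sshsrv2 eq 22
access-group OUTSIDE_IN in interface Outside
!
! Verify from the outside: destination is the MAPPED address and port.
! The output should show an UN-NAT phase to 10.110.100.10/22 followed by
! an ACCESS-LIST phase with result ALLOW.
packet-tracer input Outside tcp 198.51.100.10 12345 4.4.4.4 2222
packet-tracer input Outside tcp 198.51.100.10 12345 4.4.4.4 2223
```

Replacing `any` with the known administrator source networks keeps the two forwarded SSH ports from being reachable by the whole Internet.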