Using one public IP for ssh'ing to different internal servers using port redirections

sandevsingh
Level 1

Hi, we have a requirement to use the same public IP to ssh into different internal servers using port redirection. So let's say from outside, if a user does ssh @ root 4.4.4.4 2222, it should go to sshsrv1, and then ssh @ root 4.4.4.4 2223 to sshsrv2.

My config is like this:-

object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222

And then I allowed the object "sshsrv1" in my inbound ACL from outside.

It doesn't seem to work. Is this doable?

Any suggestions??

Jouni Forss
VIP Alumni

Hi,

Did you allow the traffic using the real destination port of TCP/22?

You mentioned already that you allowed the traffic by using the created "object" named "sshsrv1". And with the new NAT configuration format and operation, you will have to allow the traffic to the local IP address and also the local port.

- Jouni

Hi Jouni, all traffic is allowed to "sshsrv1 and 2".

Hi,

Would need to see your NAT configurations.

There is a possibility that you have a NAT configuration that might be preventing this from working. Then again you are using an extra public IP address for this so it seems strange.

Could you try the "packet-tracer" command

packet-tracer input outside tcp 12345 2222

This should tell us if there is some problem in the ASA configurations.

- Jouni

Sure, will do. There is also another object with a different name but the same IP:

object network websrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp https 5676

This NAT rule works. Could this be preventing it?

Hi,

That NAT configuration should cause no problems. It's just a Static PAT for another port, so there should be no problem with that.

- Jouni
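
Added example, not posted by anyone in the thread: the two static PAT entries from the question together with an inbound ACL written against the real address and real port, as the first reply describes, followed by the packet-tracer checks with both addresses filled in. The ACL name OUTSIDE_IN, the admin source range 198.51.100.0/24, the test source 198.51.100.10 and the sshsrv2 address are assumptions; the sshsrv2 address is left as a placeholder because the thread does not give it.

```cisco
! Added example (ASA 8.3+ object NAT). Assumed names and values are marked.
object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222
object network sshsrv2
 ! placeholder: real address of sshsrv2 is not given in the thread
 host <sshsrv2-real-ip>
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2223
!
! The inbound ACL is evaluated after the destination is un-translated,
! so it must permit the real host and the real port (22), not 4.4.4.4
! and not 2222/2223. Source is limited to an assumed admin range.
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 object sshsrv1 eq 22
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 object sshsrv2 eq 22
access-group OUTSIDE_IN in interface Outside
!
! An entry written against the mapped address and port does not match
! the redirected SSH traffic on 8.3+ and leaves the connection denied:
!   access-list OUTSIDE_IN extended permit tcp any host 4.4.4.4 eq 2222
!
! Verification from exec mode: source 198.51.100.10 port 12345 (constructed)
! to the public address and each mapped port.
packet-tracer input Outside tcp 198.51.100.10 12345 4.4.4.4 2222
packet-tracer input Outside tcp 198.51.100.10 12345 4.4.4.4 2223
!
! Translation hits per NAT rule and hit counts per ACL entry.
show nat detail
show access-list OUTSIDE_IN
```

In the packet-tracer output, the UN-NAT phase should show 4.4.4.4/2222 being untranslated to 10.110.100.10/22, and the ACCESS-LIST phase shows which entry allowed or dropped the flow.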