
Curious if I need Port Forwarding on a Switch running (2) PBR’s

TheGoob (Level 4)

Hello

I have an SG500X with 2 PBR's.
LAN 192.168.5.1-32 uses GE 1/1 (192.168.1.2) for Internet access.

LAN 192.168.5.33-64 uses GE 1/2 (10.0.2.2) for Internet access.

Hosts on LAN subnet 192.168.5.0, regardless of their Internet access, communicate via the same subnet.

GE 1/1 on the SG500X connects to GE 1/2 on an FPR1010, which has a subnet of 192.168.1.0 and a WAN address of x.x.x.182.

So, anything on SG500X 192.168.5.1-32 will route to 192.168.1.2 which will route to x.x.x.182 for Internet. 

Being that Host 192.168.5.55 would actually be on the 2nd PBR (10.0.2.2) for Internet access, it’s still on the 192.168.5.0 that also shares PBR 1 (192.168.1.2). Can I create a NAT on the FPR then a Port Forward on the Switch?

So for example, I want to SSH in to x.x.x.182 port 66 and create a NAT/ACL to redirect that port 66 to 192.168.1.2, and then on the FPR, since 192.168.5.55 is on PBR2, create a port forward to that IP?

I have created NAT and ACL in every fashion to allow (outside) to SSH to x.x.x.182, which would NAT to 192.168.1.2 (I even tried to NAT to 192.168.5.55 and also added a static route to 192.168.5.0 via 192.168.1.2), but nothing I do allows me to connect.

Am I right to assume it is because 192.168.5.55 is on PBR2 and not PBR1 (192.168.1.2, which leads back to x.x.x.182), and therefore has no INCOMING path to it?

So I was wondering if on the SG500X I would need to make a port forward: "incoming port 66 SSH goes to 192.168.5.55".

Hopefully what I am attempting makes sense enough to get some guidance.
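The question above turns on whether a host reached through the FPR1010 answers back through the same gateway. As an added illustration, not the switch's configuration or any Cisco tool, this Python models the two PBR ranges from the post and lists the hosts whose Internet-bound replies PBR would send out 10.0.2.2 rather than 192.168.1.2; the rule ranges and addresses are taken from the question, everything else is assumed.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import List, NamedTuple, Optional


class PbrRule(NamedTuple):
    first: IPv4Address      # lowest source address matched (inclusive)
    last: IPv4Address       # highest source address matched (inclusive)
    next_hop: str           # gateway the rule sends Internet-bound traffic to


# Source ranges and next hops as described in the question.
PBR_RULES = [
    PbrRule(IPv4Address("192.168.5.1"), IPv4Address("192.168.5.32"), "192.168.1.2"),
    PbrRule(IPv4Address("192.168.5.33"), IPv4Address("192.168.5.64"), "10.0.2.2"),
]
LAN = IPv4Network("192.168.5.0/24")
FPR_INSIDE = "192.168.1.2"   # FPR1010 address reached through GE 1/1


def egress_next_hop(src: str) -> Optional[str]:
    """Next hop PBR applies to traffic from `src`, or None when no rule
    matches and the switch falls back to its ordinary routing table."""
    addr = IPv4Address(src)
    for rule in PBR_RULES:
        if rule.first <= addr <= rule.last:
            return rule.next_hop
    return None


def reply_is_symmetric(host: str, ingress_gw: str = FPR_INSIDE) -> bool:
    """True when a session forwarded to `host` via `ingress_gw` gets its
    replies back through that same gateway. If PBR steers the host's
    traffic elsewhere, the forwarding firewall never sees the replies."""
    return egress_next_hop(host) == ingress_gw


def asymmetric_hosts(ingress_gw: str = FPR_INSIDE) -> List[str]:
    """LAN hosts whose PBR next hop is a gateway other than `ingress_gw`."""
    return [str(h) for h in LAN.hosts()
            if egress_next_hop(str(h)) not in (None, ingress_gw)]


if __name__ == "__main__":
    target = "192.168.5.55"   # the host from the question
    print(f"{target}: egress via {egress_next_hop(target)}, "
          f"replies return via {FPR_INSIDE}: {reply_is_symmetric(target)}")
    print(f"{len(asymmetric_hosts())} LAN hosts answer through the other gateway")
```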

30 Replies

From the main FPR1010 screen:

System Settings : Management Access : Data Interfaces [Tab] : ADD :

outside
SSH
any-ipv4

I also of course needed the NAT to translate to the inside IP and then the ACL for the permission.

That is what threw me off this whole time, I thought the ACL was the permission, and it is, but I also needed to enable SSH on the Router itself.
