We have (2) identical services in their local network we would like to access remotely.
#1 - Local device internally at 192.168.2.90 port 2601
#2 - Local device internally at 10.0.50.90 port 2601
We would like device #2 to be accessible on the same external IP (174.XX.XX.XX6) as device #1 but using external port 2602 instead. The previous cisco config had the #2 device only accessible on a secondary external IP (174.XX.XXX.XX7). I am not sure if that worked.
I added the NAT rules to allow for both, and I added the port 2602 to the object-group firewall rule, but I must have screwed up somewhere because the ports show closed still.
Here are the nat rules with my changes in bold (you can see the working port 2601 on local IP 192.168.2.90 in these rules too):
ip nat inside source static tcp 10.0.50.90 2601 174.76.XXX.XX7 2601 extendable
ip nat inside source static tcp 10.0.50.90 2601 interface GigabitEthernet0/0/0 2602
ip nat inside source static tcp 10.1.3.251 443 interface GigabitEthernet0/0/0 48443
ip nat inside source static tcp 10.1.3.251 41796 interface GigabitEthernet0/0/0 41796
ip nat inside source static tcp 10.1.1.31 80 interface GigabitEthernet0/0/0 48088
ip nat inside source static tcp 10.1.4.10 8082 interface GigabitEthernet0/0/0 8082
ip nat inside source static tcp 192.168.1.40 3001 interface GigabitEthernet0/0/0 3001
ip nat inside source static tcp 192.168.1.40 2001 interface GigabitEthernet0/0/0 2001
ip nat inside source static tcp 192.168.2.51 1319 interface GigabitEthernet0/0/0 1319
ip nat inside source static tcp 192.168.2.90 2601 interface GigabitEthernet0/0/0 2601
ip nat inside source route-map RMAP_NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map RMAP_NAT_DSL interface ATM0/1/0.1 overload
Here is the port I added to the object-group (in bold):
object-group network ElkAlarm
host 192.168.2.90
host 10.0.50.90
!
object-group service ElkAlarmPorts
tcp eq 2601
tcp eq 2602
Please let me know what I am missing or did incorrectly.
