Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello.
I have the below problem that I am trying to solve. In an ASA cluster of two 5545-X I am trying to publish an internal server on the Internet by using a different port from the one that the service is listening. In detail I want external user...
Same here. CUC subscriber installation 11.5.1.11900-26. I've checked everything after going all the way back power down and then power up again everything worked fine!!!
It worked as you've suggested. It was a miss configuration from my side.
From what I understand ASA (for inbound packets) first checks if there is any NAT statement that matches and then checks if there is an ACE.
While for the outbound is the rever...
Here is the abbreviated output of the show access-group
access-group out-in in interface OUTSIDE
and below is the abbreviated output of the show access-list out-in
access-list out-in extended permit tcp any host 172.31.255.4 eq 3389
Thank you.
Still doesn't work. The config is currently the below:
object network 172.31.255.4 nat (INSIDE,OUTSIDE) static 1.1.1.1 service tcp 3389 65001
access-list out-in line 1 extended permit tcp any host 172.31.255.4 eq 3389
It works only when I have the...
I've tested the access list with 3389 as the destination port and left the object NAT statement with same number for real and mapped port (3389) and works. When I change the access list and the object NAT to support 65001 there is no connection.
