Port redirection on ASA 5510

Answered Question
Aug 28th, 2008

I was successful in configuring my ASA 5510 to allow incoming queries on port 80 to 204.xxx.xxx.178 to be redirected to port 8123 and go to the internal IP of 192.168.100.178.

I set this up on the ASDM under the NAT Rules section. I used the PAT section to redirect incoming queries on port 80 to 8123.

However, we can no longer connect via ssh to that server. I am assuming ALL connections are being redirected even though that is no longer the case.

Is there any way to allow only port 80 queries to be redirected? We would still like to ssh in and have other connections be valid.

I can provide config files if needed.

Thanks.

Overall Rating: 5 (1 ratings)
Correct Answer
branfarm1 Thu, 08/28/2008 - 14:54

What does the ASDM log say when you attempt to connect to that server via SSH? If the PAT is failing, it should log an error indicating such. Have you verified that your outside access-list allows ssh incoming to that address?

kerryjcox Thu, 08/28/2008 - 19:40

Actually, I figured it out. I had to add multiple static NAT entries for each protocol I was to admit. By watching the log files I was able to see the problem. So now I have three Static NAT entries, one for the port 80 redirection to 8123 and one for port 22 to port 22 and one for another basic port.

My problem was that I was looking at the problem from outside coming in, when typically PAT looks at inside going out, at least in my mind.

Thanks.
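The resolution described in this thread, sketched as an added example in ASA CLI form (not configuration posted by either participant): one static PAT entry per admitted port, plus the outside access-list check raised in the answer. It assumes the pre-8.3 `static` syntax current in 2008, interfaces named `inside` and `outside`, and a hypothetical ACL name `outside_access_in`; `204.xxx.xxx.178` is the thread's masked public address and must be replaced with the real one, and the poster's third port is not named in the thread, so it is left out.

```cisco
! Static PAT matches only the listed public port. Any port without its own
! entry has no translation, which is why SSH stopped working once only
! port 80 was defined.

! Public tcp/80 -> internal 192.168.100.178 tcp/8123 (the redirection)
static (inside,outside) tcp 204.xxx.xxx.178 www 192.168.100.178 8123 netmask 255.255.255.255

! Public tcp/22 -> internal tcp/22 (same port on both sides)
static (inside,outside) tcp 204.xxx.xxx.178 ssh 192.168.100.178 ssh netmask 255.255.255.255

! The translation alone does not admit traffic: the ACL applied inbound on
! the outside interface must permit each port as well. Before 8.3 the ACL
! references the public (mapped) address and the public port.
access-list outside_access_in extended permit tcp any host 204.xxx.xxx.178 eq www
! Narrowing "any" to a management network on the SSH line reduces exposure.
access-list outside_access_in extended permit tcp any host 204.xxx.xxx.178 eq ssh
access-group outside_access_in in interface outside

! Checks after applying:
!   show xlate                         (one port-map entry per static)
!   show access-list outside_access_in (hit counts rise on connection attempts)
```

Adding a static entry only for the ports that must be reachable, rather than a one-to-one static NAT for the whole address, keeps every other port on the server untranslated from the outside.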
