I'm using a 5505 in routed mode. I currently have the following nat, global and static statements:
Firewall# show run nat
nat (inside) 1 0.0.0.0 0.0.0.0
Firewall# show run global
global (outside) 1 interface
static (inside,outside) 74.213.XXX.XXX 192.168.100.2 netmask 255.255.255.255
Plus a few more internal IPs routed to different external IPs. As it stands, each internal IP has its own external IP. Translation occurs between the internal and external IPs, ports remaining unchanged.
For the above external IP, one exception needs to be made. I'd like to have port 12345 redirected to 192.168.100.2 port 22 (so in other words I'd like to close port 22 to the public and instead use a high-numbered port).
All the other ports can remain the same. I've already tried the obvious (adding another static entry) but I get an error message saying it overlaps with an existing entry. I've even tried assigning another internal IP to the host and creating a new NAT id, but I still run into the same problem. Surely this goal doesn't require its own external IP!?
Thanks in advance for the help!
Since you're using 1-to-1 NATs, it will require a new public IP. Try using a new public IP, but doing a port translation:
static (inside,outside) tcp 74.213.X.Y 12345 192.168.100.X 22 netmask 255.255.255.255
You can then add other high ports pointing to other boxes (but the same public IP).
static (inside,outside) tcp 74.213.X.Y 23456 192.168.100.Z 22 netmask 255.255.255.255
static (inside,outside) tcp 74.213.X.Y 34567 192.168.100.A 22 netmask 255.255.255.255
Hope that helps.
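Added example, not from either poster: a small Python checker that parses pre-8.3 ASA `static` statements in the two forms used above and flags the overlap the firewall rejects. It assumes only the `static` syntax shown on the page and models the rule that a whole-IP (1-to-1) static already claims every port of its public address, so a per-port static on the same public IP collides with it; the sample statements are constructed from the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches both 'static' forms on the page (pre-8.3 ASA syntax): the whole-IP form
# "static (in,out) GIP LIP netmask M" and the port form "... tcp GIP GPORT LIP LPORT netmask M".
STATIC_RE = re.compile(
    r"static \(\w+,\w+\)\s+(?:(?P<proto>tcp|udp)\s+)?"
    r"(?P<gip>[\w.]+)\s+(?:(?P<gport>\d+)\s+)?"
    r"(?P<lip>[\w.]+)\s+(?:(?P<lport>\d+)\s+)?netmask\s+[\d.]+"
)
@dataclass(frozen=True)
class Static:
    global_ip: str
    local_ip: str
    proto: Optional[str] = None        # None means a whole-IP (1-to-1) static
    global_port: Optional[int] = None
    local_port: Optional[int] = None
def parse_static(line: str) -> Static:
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static statement: {line!r}")
    return Static(m["gip"], m["lip"], m["proto"],
                  int(m["gport"]) if m["gport"] else None,
                  int(m["lport"]) if m["lport"] else None)
def find_overlaps(lines: list) -> list:
    """Describe each pair of statics that claim the same public address space."""
    statics = [parse_static(l) for l in lines]
    problems = []
    for i, a in enumerate(statics):
        for b in statics[i + 1:]:
            if a.global_ip != b.global_ip:
                continue                # different public IPs never collide
            # A whole-IP static owns every port of its public IP, so any second
            # static on that IP overlaps it: the error message the asker hit.
            if a.proto is None or b.proto is None:
                problems.append(f"{a.global_ip}: whole-IP static overlaps another static")
            elif (a.proto, a.global_port) == (b.proto, b.global_port):
                problems.append(f"{a.global_ip}: {a.proto}/{a.global_port} mapped twice")
    return problems
# Constructed samples: the asker's attempt on the existing public IP, and the answer's layout.
ASKER_ATTEMPT = [
    "static (inside,outside) 74.213.XXX.XXX 192.168.100.2 netmask 255.255.255.255",
    "static (inside,outside) tcp 74.213.XXX.XXX 12345 192.168.100.2 22 netmask 255.255.255.255",
]
ANSWER_CONFIG = [
    "static (inside,outside) tcp 74.213.X.Y 12345 192.168.100.X 22 netmask 255.255.255.255",
    "static (inside,outside) tcp 74.213.X.Y 23456 192.168.100.Z 22 netmask 255.255.255.255",
]
```

Running `find_overlaps(ASKER_ATTEMPT)` reports the whole-IP collision, while `find_overlaps(ANSWER_CONFIG)` returns nothing because the per-port statics share a fresh public IP on distinct ports.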