I'm well aware that there must be several posts on this topic already (I've read a few) and even searched other articles, but I am having no joy whatsoever. Perhaps this will be a chance for someone to get 5 easy points.
I'm currently running an ASA 5505 8.3.(2) and ASDM 6.3.(2). I cannot get PAT working for the life of me. I would dearly like to get my outside interface to nat port 2202 to an internal host (LXSERVER) on port 22.
OUTSIDE interface: DHCP
DMZ interface: 10.2.2.1
DMZ host: LXSERVER 10.2.2.2
e.g. any IP ----> OUTSIDE INTERFACE:2202 ----> PAT -----> LXSERVER:2202
I can access the LXSERVER from my INSIDE (192.168.2.0/24) network and access the internet from within without a problem.
nat (INSIDE,OUTSIDE) after-auto source dynamic any interface
nat (LAB,OUTSIDE) after-auto source dynamic any interface
nat (DMZ,OUTSIDE) after-auto source dynamic any interface
access-group INSIDE_access_in in interface INSIDE
access-group OUTSIDE_access_in in interface OUTSIDE
access-group LAB_access_in in interface LAB
I have highlighted in bold what I see as important config. I have added the four access list entries as above purely for testing and have been trying to use the Packet Tracer to determine what is the correct ACL to have in place.
So, I have a couple of questions, namely,
1. Is my config wrong, and if so
2. What is the correct config in order to achieve my goal
3. If you were to test this with the packet tracer, what destination IP and port would you input as the relevant parameters?
Thanks for the speedy post. I just went back and tried to ssh to my server and, hey presto, it worked. It must have been the last change I made and most likely failed to test in my ever growing impatience. Seems all that reading and trial and error paid off. I also worked out that you need to use the internal ip and port in the firewall ACL but the outside interface and 'to be patted' port.
Thanks again, and as I suggested, 5 stars easily earnt!
So, for anyone else having this problem, the above config works, but be sure to note Nagaraja's information regarding the unnecessary ACLs.
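Worked example, added here and not taken from the original post or from Nagaraja's reply: the ASA 8.3+ static PAT needed for the goal in the question (outside port 2202 to LXSERVER 10.2.2.2 port 22), the single inbound ACE it needs, and the packet-tracer command that answers question 3. It uses the interface names and addresses from the post; the object name LXSERVER-SSH, the source address 198.51.100.20 and the placeholder <OUTSIDE-IP> are assumptions. The 8.3+ rule the follow-up post describes is visible here: the ACL matches the real (untranslated) address and port, while the NAT line carries the mapped port on the OUTSIDE interface.

```cisco
! Network object NAT (NAT section 2). This is evaluated before the
! "after-auto" dynamic PAT rules already in the config (section 3), so
! those lines can stay as they are.
! Object name LXSERVER-SSH is a hypothetical name chosen for this example.
object network LXSERVER-SSH
 host 10.2.2.2
 nat (DMZ,OUTSIDE) static interface service tcp 22 2202
! "static interface" is used because OUTSIDE gets its address via DHCP;
! "service tcp 22 2202" maps real port 22 to mapped port 2202.
!
! Inbound ACL on OUTSIDE: post-8.3 the ACE references the REAL address and
! port (the object / port 22), not the translated ones (interface / 2202).
! Narrow "any" to the source ranges that should reach SSH where that is known.
access-list OUTSIDE_access_in extended permit tcp any object LXSERVER-SSH eq 22
access-group OUTSIDE_access_in in interface OUTSIDE
!
! Verification. packet-tracer takes the packet as it ARRIVES on OUTSIDE, so the
! destination is the OUTSIDE interface's current address and the mapped port 2202.
! Find <OUTSIDE-IP> with "show interface ip brief"; 198.51.100.20 is a
! constructed external source address.
packet-tracer input OUTSIDE tcp 198.51.100.20 40000 <OUTSIDE-IP> 2202 detailed
!
! Confirm the translation is installed and is being hit.
show nat detail
show xlate
```

In the packet-tracer output the NAT phase should show the destination rewritten to 10.2.2.2/22 and the ACCESS-LIST phase should match OUTSIDE_access_in; a drop in the ACCESS-LIST phase usually means the ACE was written with the mapped address or port instead of the real ones. Only this one inbound ACE is needed for the SSH forward; the reverse traffic is handled by the connection table, so separate outbound entries for it are unnecessary.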