Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA static NAT works til I Enable Port Translation

ASA 8.0(4), ASDM 6.1(3) I'm trying to do ssh from 1 inside host to an outside host. Static NAT translates private IP to public IP, translates response back - all good. But my app won't allow custom port, outside host must have port 20022. So I Enable Port Translation, original port ssh, translated port 20022. ASDM Packet Tracer Tools says it works, shows my IP and port translation. BUT when I run the real thing I get no translation of IP or Port - sniffer outside of ASA shows my inside IP as source IP trying to route across the internet. So my static NAT works with no Port Translation, but quites entirely with Port Translation. What do I have wrong?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA static NAT works til I Enable Port Translation

Do you mean that the outside host is listening on port 20022 instead of 22?

If that is the case then you need to do outside nat. Keep the static (inside,outside) for the inside host translation. If the outsider is listening on 20022 and the insider is trying to use 22 then the 22 destined to the outside needs to be translated to 20022. That would be done by using

static (outside,inside) tcp 22 20022.

I hope it helps.

PK

2 REPLIES
Cisco Employee

Re: ASA static NAT works til I Enable Port Translation

Do you mean that the outside host is listening on port 20022 instead of 22?

If that is the case then you need to do outside nat. Keep the static (inside,outside) for the inside host translation. If the outsider is listening on 20022 and the insider is trying to use 22 then the 22 destined to the outside needs to be translated to 20022. That would be done by using

static (outside,inside) tcp 22 20022.

I hope it helps.

PK

New Member

Re: ASA static NAT works til I Enable Port Translation

exactly what I needed, thanks very much. Now I need to cogitate a while, so I can understand why it's which when getting the job done.

347
Views
0
Helpful
2
Replies
CreatePlease to create content