Cisco Adaptive Security Appliance Software Version 8.0(5)9 Device Manager Version 6.2(5)
We have a machine which is connected in a DMZ and then external clients talk to the machine.
Due to historical reasons most of the clients talk to the machine on port 13002. However internally this is translated according to the source address to a different port number.
This is currently running on a watchguard firewall and works correctly.
We have tried programming this onto a cisco firewall and are coming up with some difficulties.
A static policy nat has been created using the source as the internal address of the machine, and the destination as the external addresses that we are dealing with. It translates to the REAL address of the machine and then pats to the new port number.
This works fine with the first one we put in - doing a packet trace reveals all the addresses and ports being translated correctly.
The problem occurs when we add the second set into this. For this set we just change the destination and the port number.
The firewall accepts the rule with a warning and everything looks fine.
However when you test the rule the port is always translated to the port specified in the first section and not the one requested.
The screenshot below (large) shows the rules and a packet trace to an address in the set2 group.
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on the outside Interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside Interface to any6.
In Syslog I also se...
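For readers following the policy NAT description above, here is the shape of the two rule sets in pre-8.3 ASA syntax (the "static ... access-list" form that 8.0(5) uses), together with the packet-tracer check the poster refers to. This is an added illustration, not the poster's configuration: the interface names (dmz, outside), the object names (PNAT-SET1, PNAT-SET2), the real ports 7001/7002, and every address (RFC 5737 documentation space) are assumed for the example.

```cisco
! Added example, not the original poster's configuration.
! Assumed: real DMZ host 10.10.10.10 published on 192.0.2.10, interfaces named dmz/outside.
!
! Set 1: clients in 198.51.100.0/24 connect to 192.0.2.10:13002;
! the firewall hands the connection to the real host on port 7001.
access-list PNAT-SET1 extended permit tcp host 10.10.10.10 eq 7001 198.51.100.0 255.255.255.0
static (dmz,outside) tcp 192.0.2.10 13002 access-list PNAT-SET1
!
! Set 2: clients in 203.0.113.0/24 connect to the same 192.0.2.10:13002,
! but should land on real port 7002. Only the ACL destination and the
! real port differ from set 1; the mapped address and port are identical.
access-list PNAT-SET2 extended permit tcp host 10.10.10.10 eq 7002 203.0.113.0 255.255.255.0
static (dmz,outside) tcp 192.0.2.10 13002 access-list PNAT-SET2
!
! Verification from the outside, simulating a set-2 client (203.0.113.25,
! ephemeral port 40000 assumed). The NAT phase of the trace names the
! static line that matched and the real port the flow is sent to.
packet-tracer input outside tcp 203.0.113.25 40000 192.0.2.10 13002 detailed
!
! Existing translations, to compare the real port chosen for each client set.
show xlate
```

The trace is the check that separates a matching problem from a translation problem: for a set-2 source it should report PNAT-SET2 and real port 7002, and the symptom in the post is precisely the case where it reports the first rule's port instead. Running the same packet-tracer line with a set-1 source address (for example 198.51.100.25) gives the baseline to compare against.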