Solved: Re: Port redirection on ASA 5510

kerryjcox · ‎08-28-2008

I was successful in configuring my ASA 5510 to allow on incoming queries on port 80 to 204.xxx.xxx.178 to be redirected to port 8123 and go to the internal IP of 192.168.100.178.

I set this up on the ASDM under the NAT Rules section. I used the PAT section to redirect incoming queries on port 80 to 8123.

However, we can no longer connect ssh to that server. I am assuming ALL connections are being redirected even though that is no longer the case.

Is there any way to allow only port 80 queries to be redirected? We would still like to ssh in and have other connections be valid.

I can provide config files if needed.

Thanks.

branfarm1 · ‎08-28-2008

What does the ASDM log say when you attempt to connect to that server via SSH? If the PAT is failing, it should log an error indicating such. Have you verified that your outside access-list allows ssh incoming to that address?

View solution in original post

branfarm1 · ‎08-28-2008

What does the ASDM log say when you attempt to connect to that server via SSH? If the PAT is failing, it should log an error indicating such. Have you verified that your outside access-list allows ssh incoming to that address?

kerryjcox · ‎08-28-2008

Actually, I figured it out. I had to add multiple static NAT entries for each protocol I was to admit. By watching the log files I was able to see the problem. So now I have three Static NAT entries, one for the port 80 redirection to 8123 and one for port 22 to port 22 and one for another basic port.

My problem was that I was looking at the problem from outside coming in, when typically PAT looks at inside going out, at least in my mind.

Thanks.