Cisco Support Community
Community Member

Using one public IP for ssh'ing to different internal servers using port redirection

Hi, we have a requirement to use the same public IP to ssh into different internal servers using port redirection. So let's say from outside, if a user does ssh @ root 4.4.4.4 2222, it should go to sshsrv1, and then ssh @ root 4.4.4.4 2223 to sshsrv2.

My config is like this:

object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222

And then I allowed the object "sshsrv1" in my inbound ACL from outside.

It doesn't seem to work. Is this doable?

Any suggestions?

5 REPLIES
Super Bronze


Hi,

Did you allow the traffic using the real destination port of TCP/22?

You mentioned already that you allowed the traffic by using the created "object" named "sshsrv1". And since the new NAT configuration format and operation, you will have to allow the traffic to the local IP address and also the local port.

- Jouni
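
An added example, not part of the original thread: a small Python check of the point in the reply above, that the inbound ACL has to permit the real (local) IP address and real port rather than the mapped port. The config text is constructed; the ACL name OUTSIDE_IN, the sshsrv2 address 10.110.100.11 and the helper names are assumptions, and only ACL lines with a single-token source such as "any" are handled.

```python
import re

# Constructed sample config. OUTSIDE_IN and sshsrv2's address are assumptions.
SAMPLE = """\
object network sshsrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2222
object network sshsrv2
 host 10.110.100.11
 nat (inside,Outside) static 4.4.4.4 service tcp 22 2223
access-list OUTSIDE_IN extended permit tcp any object sshsrv1 eq 22
access-list OUTSIDE_IN extended permit tcp any object sshsrv2 eq 2223
"""

PORT_NAMES = {"ssh": 22, "https": 443, "www": 80}  # subset of ASA port keywords

def port(tok):
    """Convert an ASA port token (keyword or number) to an int."""
    return PORT_NAMES.get(tok) or int(tok)

def static_pats(cfg):
    """Return {object: (real_ip, real_port, mapped_port)} for object static PAT."""
    pats, name, host = {}, None, None
    for line in cfg.splitlines():
        if m := re.match(r"object network (\S+)", line):
            name, host = m.group(1), None
        elif m := re.match(r"\s+host (\S+)", line):
            host = m.group(1)
        elif m := re.match(r"\s+nat \(\S+\) static \S+ service tcp (\S+) (\S+)", line):
            pats[name] = (host, port(m.group(1)), port(m.group(2)))
    return pats

def audit(cfg):
    """Map each PAT object to 'ok', 'mapped-port' (ACL uses the wrong port) or 'no-acl'."""
    pats = static_pats(cfg)
    result = {n: "no-acl" for n in pats}
    acl = re.compile(r"access-list \S+ extended permit tcp \S+ (?:object|host) (\S+) eq (\S+)")
    for line in cfg.splitlines():
        if not (m := acl.match(line)):
            continue
        dst, p = m.group(1), port(m.group(2))
        for n, (ip, real, mapped) in pats.items():
            if dst in (n, ip):
                if p == real:
                    result[n] = "ok"
                elif p == mapped and result[n] != "ok":
                    result[n] = "mapped-port"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```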

Community Member


Hi Jouni, all traffic is allowed to "sshsrv1 and 2".

Super Bronze


Hi,

Would need to see your NAT configurations.

There is a possibility that you have a NAT configuration that might be preventing this from working. Then again, you are using an extra public IP address for this, so it seems strange.

Could you try the "packet-tracer" command:

packet-tracer input outside tcp <source-ip> 12345 <public-ip> 2222

This should tell us if there is some problem in the ASA configurations.

- Jouni

Community Member


Sure, will do. There is also another object with a different name but the same IP:

object network websrv1
 host 10.110.100.10
 nat (inside,Outside) static 4.4.4.4 service tcp https 5676

This NAT rule works. Could this be preventing it?

Super Bronze


Hi,

That NAT configuration should cause no problems. It's just a static PAT for another port, so there should be no problem with that.

- Jouni
