I have been trying to get an inbound static rule working, with no success.
What we want is to have any computer on the web access port 7080, which is forwarded and NATted to the inside. We now have two ASA 5520s in place (one which we control and the other that company X controls), as per the diagram.
The rules that I have in place want the source port to be 7080, and not the destination port, on the external interface on the ASA.
Rules that I have now (I have been testing with 1 IP address):
access-list outside_nat_static_1 extended permit tcp host 220.127.116.11 eq 7080 any
The config that I have posted is the running conf. The IP addresses have just had a number removed, e.g. 2.x.x.x = 22.x.x.x, so the numbers should not be "that" important. (All internal numbers are what is in place ;-)
When I test the rules with the ASDM, if the packet source port is 7080 then the rule works, and if I test this from my local machine and force my local machine to send the packet from 7080 then everything works. However, this should not be.
The source/port of the packet should be any - it is only the dest port that I want to NAT/forward on.