My understanding is that on the ASA, the traditional way to do static manual NAT rules is to write them in the order:
nat (src_int,dst_int) static [src] [src] [dst] [dst] service [port] [port]
I just implemented a rule that wouldn't work in this order today. The rule I did is below:
nat (INSIDE,OUTSIDE) source static SERVER interface destination static CLIENT CLIENT service port22 port2016
The rule doesn't work. I tested a connection from the client to the server, and see the packet come in correctly in a live capture, but not leave the ASA. Having read through the logs, you just get generic errors of: TCP request discarded.
In any event, I tried the rule the opposite way around and it works:
nat (OUTSIDE,INSIDE) source static CLIENT CLIENT destination static interface SERVER service port2016 port22
Can't get my head around this. Aren't they the same thing? Note, for the sake of testing, I just put permit any any on all the interfaces, so that I know it couldn't be any ACLs.