
I have a Cisco running IOS 12.0(25) responding to two different IP addresses: IP_A and IP_B. Behind this router I also have two different servers: server_A and server_B.

What I want is to forward port 22 to both servers, so:

                IP_A, port22 -> server_A, port22 
                IP_B, port22 -> server_B, port22

ATM this only works for one of them (server_A). This is my config:

    interface Ethernet0/0
     description Internet
     ip address IP_A 255.255.255.0
     ip address IP_B 255.255.255.0 secondary
     no ip directed-broadcast
     ip nat outside
     no ip mroute-cache
     no cdp enable

    ip nat pool pool_A IP_A IP_A netmask 255.255.255.0
    ip nat pool pool_B IP_B IP_B netmask 255.255.255.0
    ip nat inside source list A pool pool_A overload
    ip nat inside source list B pool pool_B overload
    ip nat inside source static tcp server_B 22 IP_B 22 extendable
    ip nat inside source static tcp server_A 22 IP_A 22 extendable

    access-list A permit server_A
    access-list B permit server_B

Colin
  • Why are you trying to do this exactly? It sounds like you are trying to duplicate the functionality of a load balancer, but if that is the case you should opt to use a load balancer. – Charles Jun 08 '10 at 21:11
  • not load balancing here ... there're two different servers that I want to ssh from outside – Colin Jun 08 '10 at 21:31
  • is this a router or a firewall? – grufftech Jun 08 '10 at 22:02
  • this is firewall doing NAT for those servers – Colin Jun 09 '10 at 08:26
  • I could be wrong here but can't you configure the second server to use another port? That way you can access both of em? Why do they need to use the same port.. just asking out of curiosity.. – rzlines Dec 12 '10 at 16:47
  • Don't you need to declare an inside and outside NAT interface for this to work? Also, shouldn't those access lists be /32's (255.255.255.255) if this is for single hosts? http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml – jwbensley Feb 17 '12 at 21:34

0 Answers