Port forwarding conflict with applicaton ssh

Hi,
I have 2 machines in my home network that I want to be able to ssh to from externally using different ports, 22 and 2022. Both forwarders need to forward to port 22 on the 2 machines. I only seem to be able to establish one forwarder. The second one complains that it conflicts with the first. It seems like it can't handle forwarding to the same port despite it being on a different server. Is this a known bug? Is there a workaround?
Thanks, Tom

The NAT within the home hub can only map to one port of the same number, irrespective of the device, its just the way it works.
I am not sure which routers would be capable of this.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

Similar Messages

Port Forward: Conflicts with all of them.

A bit about me: I am an IT professional 20+ years so I know how to port forward
Situation:
I had a Actiontec Gen1 router. A technician came out the other day and tried to resolve an upload speed issue. As a result, he replaced the ONT and the Router to a Gen2. He got it all up and running and left. My issue started 20 minutes after he left -- when I sat down to reestablish my port forwards.
When I tryed creating my first port forward, I got a warning message about a conflict. I looked at the list and all I had were 3 preset entries:
--Localhost                               TCP Any -> 4567
--192.168.1.100:63145          Application - TCP Any -> Any
--192.168.1.100:63145          Application - TCP Any -> 1
Now, I have done port forwards a lot with my previous router so I was a bit taken back. I did a factory restore on the router and tried to create another port forward - still conflicts.
I knew something was up so I called Verizon. A tech didn't get anywhere so they put me on the phone with Actiontec. They had me try to create a port forward and got the same results. They said the router was corrupt and to have Verizon send me another.
I got the new router in today. While the tech was setting it up in the basement, I quickly tried to create a port forward on it and it worked. I was excited and waited for him to connected it to the WAN. Once he did his thing and established outside connectivity, I tried to create another port forward, and it failed. I asked him to give me back my original Gen1 router so I could use it to troubleshoot. He did with the rule that I call him when I was done.
I got Verizon back on the line and they couldn't help. They then got me on the phone with Actiontec. A couple hours later, they still had no answer. One thing we found though was that they were also not able to connect remotely. They tried 443 and 8080 - nothing worked. I also found that I was able to create UDP port forwards - they worked fine but as soon as I tried any TCP ports, the always came back with a conflict.
Actiontec said the issue was with Verizon and that I should work with them again, so I called Verizon.
I got a great tech who was really going the extra mile instead of giving me the infamous "We don't support that". He too couldn't access the router remotely and we tried just about anything under the sun. For giggles, we decided to put my old Gen1 router back in place. He wanted to reset it to factory defaults so we did. I took a screen capture of my original port forwards though first. When we restored it, it was also stating that there is a conflict when I created a new port forward.
I took a look at my screen capture of my original Gen1 router (this is the one that was originally working over the last year) and I noticed that its 192.168.1.100 entry was set to go to Application - UDP any -> 63146. After resetting it to factory default, Verizon is now setting it to the two setting I documented above.
So now I am questioning Verizons settings that they are pushing down to the router.
My next step was to disconnect it from the WAN completely, do a factory reset and see if I can create a port forward. After doing that test, I was able to create port forwards - TCP, UDP -- they all entered without a conflict. As soon as I connected the router to the WAN and Verizon pushed their settings, it broke again.
The technician did all he could. It is Sunday today and the higher tier techs do not work on Sundays so he said he will have them contact me tomorrow. I sure hope they can resolve this!
So this is the deal:
-Go into your router and try to create a port forward. Pick anyone from the list that includes a TCP port. If you get a message stating there is a conflict, you are most likely in the same boat as I. I would bet anything that Verzion cannot access your router remotely too.
-If you ARE able to create tcp port forwards, then I would highly suggest that you do not do a factory reset. When doing so, I would bet anything that you will no longer be able to create those forwards.
-if you are able to port forward fine, do me a favor and tell me what your 192.168.1.100 port forwards are that Verizon throws in there. If I were to bet, I would bet that the ones that work are set for Application - UDP any -> 63146; If they don't work, I would bet that they are set to:
--192.168.1.100:63145          Application - TCP Any -> Any
--192.168.1.100:63145          Application - TCP Any -> 1
Anyway, that is my story. I spent a whole weekend with Verizon and I am still not working. Any data from the community will be helpful. I want to know if this is a global issue or if it is only affecting me. I have had this happen with 3 routers, 1 gen1 and 2 gen2's.
Thanks for your help in advance.
Solved!
Go to Solution.

Finally - a solution. *wipes brow*
First off, I want to state that the networking group located in the Syracuse - all the other tech need to visit them for a week and learn:
- How to talk to a customer (what to say and not to say)
- How routers work, how they can be configured, and what they are capable of. Basically, learn a bit about networking.
- Listen to the customer - they may know more than you.
Anyway, thank you very much Syracuse Team!
While working with the tech (this guy was awesome and actually listened to me about the automatic port forwards that were appearing from Verizon), he decided to to use the RJ45 network WAN connection in addition the COAX. My setup was setup to only use the COAX connection - it's been that way for over a year now.
The tech turned set it up so that my data was going through the RJ45 and the TV was going through the COAX. When he did this and we reset the router to factory, the Verizon forwarded ports were no longer showing up and as a result, I was able to create ports at will without conflict.
So beware all of you who are setup to only use the COAX connection. It appears that one of my set top boxes was now throwing in the port forwards that I noted in the original post and those were screwing everything up. Go figure that, eh? I wonder who said that some 14 tech hours ago?
Anyway - if you are unable to create port forwards without a conflict error, call up Verizon and tell them the issue. If they act like they never heard this, tell them about my situation and that adding the RJ45 connection in addition the COAX is the solution. Just make sure you reset your router to factory when they are done or else those odd port forwards won't clear.
Peace out and good luck!

BT Homehub port forwarding - Conflicts?

I am trying to set up an application for a minecraft server. I need to forward ports and I create the application for the Minecraft server with ports 25565 and when I try to actually apply it, it says:
ports setting conflict
This application ports setting conflict with others, Please correct it and try again.
I dont see how there are any conflicts? I dont have any other applications set up on my router?

Same thing happens when you try to add Xbox Live - nobody knows why. Basically a full reset seems to be the only fix and even then you have to be quick when setting up port forwarding otherwise the conflicts issue happens.
---Remember to mark as 'solved' and give stars when you like a post---

Port Forwarding Issues with Westell a 7500

I'm having troubles getting port forwarding to work on my Westell 7500 router. I have used the instructions provided at http://www22.verizon.com/ResidentialHelp/HighSpeed/Networking/Troubleshooting/PortForwarding/123866....
Having set up my own port forward I had my aplication test the port and I was told it was closed. Then I went to a third party web based port testing site (http://www.canyouseeme.org/) to confirm that the port was indeed closed and not just a problem with my aplication. The site told me that the port was closed.
So I decided to try one of the pre-created port forwards included with the modem. Using the port number provided I changed the port my aplication used and it still self-tested as closed. I then went back to canyouseeme and it too told me that the port was closed.
I should also note that in the "Port Forwarding" screen on the router the delete icon (I'm assuming that is what it is - the icon has a red X through it) does not respond to being clicked on. When I hover the mouse over the icon I get the following text overlay in the bottom left corner of the Chrome browser window - javascript&colon;deleteEntryStart(5,document.TableMgr,0);
To sum up, neither a personal nor a pre-fab port forward show in tests to be working and a function also appears to be not working.
Here's the rub - I am told by tech support that this is an L3 issue. L3 issues are not covered under regular tech support and are very expensive buy. My gut feeling is that the router is defective, but I need some way to confirm this before I start making a stink with customer service. I don't want to spend $39.00 to be told my router is broken before I can send it in and I have a feeling that customer service is going to want to have solid evidence that the problem is not pilot error before ponying up for a replacement modem.
Does anyone have any suggestions for testing the router more thouroughly? Is this a known issue? Or does anyone have any suggestions about programming the port forward?
Thank you in advance for taking the time to address this!
Solved!
Go to Solution.

If I am not mistaken, the firewall in the router must be at least low.
Otherwise, it will ignore all rules (or something along that line).
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

WRT400n Not Port Forwarding Even With Correct Settings

As the title of this post says I have the port forwarding settings correctly set for FTP (and other ports) but no luck. I'm not dumb, I know computers and routers. Even after hard reset, firmware upgrade and setup, still not working. Confirming with third party port scanner that ports not open even though they are setup, enabled and DMZ a few tries. Not firewall issue, worked fine with my previous tomato router setup. I should have never upgraded. Any suggestions other than buying a new router AGAIN?

I would suggest you to upgrade/reflash the router's firmware and re-configure the router.
You can download the firmware from linksys website.On the router setup page,Click on the Administration tab to upgrade the firmware.After upgrading the firmware...Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

Port Forwarding Issues with WVC210

Hi,
I have just purchased a WVC210 and had managed to setup the IP Camera to view internally through either Wired or Wireless at the IP address of 192.168.1.152:1024.
However, I am not able to set up the IP Camera for remote web viewing. My last attempt stopped at the point where I can remotely access my router admin login when typing the dyndns domain name I had created (e.g. myhomexxx.dyndns.biz).
The road to Cameera seems so near yet so far... Can someone help me out to see is my port forwarding is done correctly. I had tried on two different models of modem/routers and both don't seem to work and the vendor support blame it on compatbility issues and ask me to check with linksys:
This is what displayed on a Shiro modem/rounter :
Application : WebCamera (user defined)
Protocol : TCP,UDP
Source IP/Mask: 192.168.1.152 / 255.255.255.0
Destination IP/Mask: 192.168.1.152 / 255.255.255.255
Port Start / Port End: 1024 / 1024
Port Map: 80
Can someone help/tell me if I doing the right port forwarding values.... my modem/router IP is 192.168.1.1
thanks,
Crispin

I saw an article that details how to remotely access the camera. Try to follow this link:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=16948&p_created=1219...
Other than this, I suggest contacting Cisco Tech support to further look into your concern. I believe this unit belongs to the business series devices that Cisco is now supporting. Try to go to this link for the other business series devices and the site where you can get hold of Cisco for support:
http://www.cisco.com/web/products/linksys/index.html

Port forwarding problems with WRT610N v2 + WAG54GS v1.0

Background:
I have a WAG54GS v1.0 (Annex A) which I was using to handle my home network and my ADSL connection. I bought a WRT610N v2 (which I'll refer to as the router) with the intention that it would replace the networking duties of the WAG54GS (which I'll call the modem), which would be relegated to just handling the Internet connection. Both are running their latest firmware.
I've gotten this configuration to work, but with one problem: I've lost a lot of flexibility in regard to port forwarding. The problem is that the only way I've managed to get the Internet to work is by having the router on 192.168.0.1, and the modem on 192.168.1.1. If I try and have both on 192.168.0.x or 192.168.1.x then connecting to the Internet no longer works under any configuration of options I've tried.
What this means is that when I go to setup port forwarding in the modem, I can only forwards to clients on 192.168.1.x, but the router can only forward to 192.168.0.x. The only things I can get to work are situations where port range triggering can be applied, so only when a connection is made on the relevant port to an external IP, and then that external IP also communicates back on that port. As you may guess this doesn't nearly cover all cases.
Question:
Should it be be possible to have both router and modem on either 192.168.0.x or 192.168.1.x, which would allow port forwarding to work as expected. That should have in theory been possible with the modem's bridge mode except that it's then impossible to configure the PPPoA settings necessary to connect to my ISP.
Or am I going to have to rethink the network layout (i.e. buy a dedicated ADSL modem and fully retire my WAG54GS?)
Solved!
Go to Solution.

Actually in the end what I figured out was that as far as my WRT610N was concerned my WAG54GS was my ISP, and that was all it needed to know about the Internet connection. So I set it to connect to the WAG54GS with a static IP, stuck that IP into the WAG54GS's DMZ, and left the WRT610N to handle port forwarding as all devices that connect will do so through that. (Yes, I've disabled the wireless features of the WAG54GS)
I'm reasonably sure I tried the combination of settings you've suggested (including moving the WAG54GS off the Internet port of the WRT610N, which I would have wanted to avoid anyway as I have four permanently connected devices anyway) and found it still wouldn't work. And I wasn't trying to set both to 192.168.1.1 at any point, my self-obscured point was that changing only the last block of the IP address failed to work for accessing the Internet.

Port 9000 conflicts with McAfee Backup utility

I am having a problem with my McAfee Backup utility. I receive a .NET conflict for port 9000 when it attempts to load. I was told by McAfee Tech Support that the Oracle Forms port utilizes port 9000. If this is true, how do I get around this problem. I was unsure whether to post this message on this forum or the forms forum. Please post where appropriate. Thank you

I am having a problem with my McAfee Backup utility. I receive a .NET conflict for port 9000 when it attempts to load. I was told by McAfee Tech Support that the Oracle Forms port utilizes port 9000. If this is true, how do I get around this problem. I was unsure whether to post this message on this forum or the forms forum. Please post where appropriate. Thank you

Ssh Port Forwarding Stopped Working

I have used ssh port forwarding in the past, and it has come in handy.
I have recently upgraded to Mavericks, but it does appear that my ssh port forwarding stopped some time before this. The last time I know it worked was 5/14/14, and feel it has worked more recently as well.
Here's what I do, from my Mac I ssh to my work jump server (port 22, let's say its IP is 11.22.33.44), and my jump server has access to work PC (lets say IP of 10.1.2.3). My work PC has RDP running on it on the common port 3389. I have verified that I can set up a working RDP session at work from another box. Also, I know that my jump server can get to my PC at work as I can ping my work IP if I just ssh straight to my jump server. And I know that there is no firewall stopping me from the jump server as I can also open a telnet session to my work PC on port 3389, without errors.
So, here's how I have done it in the past and it has worked, but now recently stopped working in Terminal app:
ssh -f [email protected] -L 3388:10.1.2.3:3389 -Nnv
The verbose logging shows that it sets up connectivity. If I then look to see if my local port is listening I can type:
netstat -an | grep 127.0
I will note that port 3387 is in fact LISTENing and waiting for connection
I then start my RDP client app, and start a session to "localhost:3387" (I could also use "127.0.0.1:3387", and have, but it does not work either). My RDP client eventually times out. I have turned my firewall off and on, neither way works.
Does anyone know why this may have stopped working?
Your input is most appreciated.
The verbose log shows the following is setup appropriately (with noted modifications to server names and actual IPs):
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to somewhere.net ([11.22.33.44]:22).
debug1: Local connections to localhost:3387 forwarded to remote address 10.1.2.3:3389
debug1: Local forwarding listening on 127.0.0.1 port 3387.

Unfortunately I don't have another device to test if RDP is working on my LAN, however, when I check out my network connections and this is what I see after setting up the ssh tunnel and prior to attempting the RDP connection (again names protected):
my-rmbp:~ me2$ netstat -an | grep 127.0
tcp4       0      0 127.0.0.1.3387         *.*                    LISTEN
Then, as it is difficult to catch in the middle of TCP 3-way handshaking, here's what happens after an attempt with the RDP client while it sits and spins:
my-rmbp:~ me2$ netstat -an | grep 127.0
tcp4       0      0 127.0.0.1.3387         127.0.0.1.50323        FIN_WAIT_2
tcp4       0      0 127.0.0.1.50323        127.0.0.1.3387         CLOSE_WAIT
tcp4       0      0 127.0.0.1.3387         *.*                    LISTEN
You can clearly see it's attempting to make a connection over the tunnel via my RDP client, but it's being shut down right away. I will obtain a WireShark packet capture and see exactly what's happening. Oh, and if I tried to RDP to a port other than the one I set up the port forwarding tunnel with, RDP would disconnect right away.
What I'm most interested in is why, without any known changes, other than OS updates, did this work a few months ago, and now it does not?
I have also tried other test ssh port forwarding, such as to www.apple.com forwarding 8080 on localhost to 80, and others, and none of those work either with web browsers, I assume this is something Apple has done to disable ssh port forwarding/tunneling. Perhaps someone else has bumped into this and found a fix? Please share!
Also, I have heard that you have to be root in order to set up port forwarding, but clearly this is not accurate, as it worked before, and also as you can see above it worked without root. But I tried both ways, and sadly neither worked.
Could it by my jump server? Possibly, but others at work do this and it works just fine for them from their Windoze PCs. So can't be that either.
Perhaps my capture will tell me, I'll report back here with what I discover. Thanks in advance!

WRT54GS v6 - Port Forwarding Field Colors (Yellow vs Green)?

WRT54GS v6, Firmware 1.52.0
Can anyone explain the color coding for the text field backgrounds under the "Port Forwarding" section?
I have severally seemingly normal port forwarding entries with green backgrounds, and then one entry whose text fields are all backed in yellow.
My assumption is that the 'yellow' entry is not working correctly.

normally there is no colour coding involved in Port Forwarding....may be what you are thinking is correct....

NVG589 Port Forwarding

They replaced my 2wire with a new NVG589. I am having problems with the port forwarding for several devices (DVR and Tablo). I tried looking through the fourms but it looks like everyone has port forwarding issues with this router. Is there a solutation to the problem yet?

I have not had a chance to test the port forwarding options on an NVG589, but it is very similar to the NVG510.
Login to your modem at http://192.168.1.254 (or whatever the default gateway is set to)
Click on the Firewall tab at the top
Click on NAT/Gaming
Click on Custom Services and fill out the fields as necessary and save and return to the previous page
Back on the NAT/Gaming main page, choose the Service you just created, and then choose the appropriate device in the Needed by Device field.
Click Add.
Hopefully that works, but if the NVG589 is anything like the NVG510 when it comes to this, it has an issue of having a device with a public IP address in the Needed by Device field. If that's the case, the best option in my opinion is to use your own router for port forwarding options or just go passthrough straight to your device, and just setup the NVG589 in a passthrough mode with that router or straight to that device.
To do so:
Login to your modem at http://192.168.1.254 (or whatever the default gateway is set to)
Click on the Firewall tab at the top
Click on IP Passthrough
On Passthrough Mode choose DHCPS-fixed
On Passthrough MAC Address, input the MAC Address of your router or device. (If you are not sure of the MAC Address, you can locate it by going to Device -> Device List in the NVG589. It will have a list of all the devices connected to it along with the MAC Address of the Device).
Click Save at the bottom.
Hopefully, this helps out. Let us know how it goes.
-David T

WRT320N port forwarding problem

Hi, I've got a web server on my NAS, with my old WRT54G I didn't have any issue with port forwarding but with my new WRT320N I can't get it working (I tried single and port range). My website is ok if I try to access from LAN but not from internet. I have seen http://routersetup.blogspot.com/2007/08/port-forwarding-checklist.html but there's nothing wrong in my conf. Is anyone can help me ?
Solved!
Go to Solution.

Oh it was quite simple, my NAS is a QNAP TS-109 II, I just selected high level of security in system administration > security, with that I had limited the access to 192.168.1.x network. Not a surpise I couldn't reach it from internet.
I don't think the info will help someone but it might be a reminder that you always have to look to your own configuration when you blame hardware

Port forward only allows "Same as Incomming"

I have a new actiontec mi 424 wr gen2 router and want to setup port forwarding. However it does not allow me to enter a port number in the port forwarding screen. Instead it only has the option of "Same as incomming". Does anyone know how to configure it so it accepts a port in the port forwarding option?

Here is how I forwarded port 8081 to port 80 for 192.168.1.5 internal.
Go to port forwarding and add.
Enter 192.168.1.5 for the ip address. Specify protocol and then add server ports. Call it any name you want and select protocol (TCP probably) and Select the destination port as 8081. then apply. Now you will see Service Name: whatever and server ports TCP with Any--->8081 Hit apply again and you are back to add port forwarding rule with a rule name like TCP Any--> 8081. Below that you will see forward to port with a drop down that should be on specify and default value of 80. Apply that and you now have a rule that forwards port 8081 to port 80. And you're right....that is a wacky way to have to port forward

Nginx client_ip in log file, with ssh -R Port forwarding

Hi, everyone!
First, I run a nginx server M1 (in my offce) behind a router R1 and M1's IP addr is 192.168.5.126. I set nginx's log format like this:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
After that, I will get the correct client ip in the access log.
192.168.5.88 - - [21/Apr/2015:11:12:47 +0800] "GET /js/date.js HTTP/1.1" 200 403 "http://192.168.5.126/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" "-"
Then, I want to visit M1 outside (in the campus) . Unfortunately, I can do nothing with the router R1. But I have a router R2 whose framework is OpenWrt and its IP 222.xx.xx.xx can be visited by anyone who has logged into the campus network.
Then I wrote a autossh service to do that:
[Unit]
Description=AutoSSH service for local port 80 forwarded to 222.xx.xx.xx:80
# place this in /etc/systemd/system/, than enable this.
After=network.target
Requires=nginx.service
After=nginx.service
[Service]
Environment="AUTOSSH_GATETIME=0" "AUTOSSH_POLL=60" "AUTOSSH_LOGFILE=/var/log/nginxssh.log"
ExecStart=/usr/bin/autossh -M 22000 -NR 222.xx.xx.xx:808:localhost:808 -NR 222.xx.xx.xx:80:localhost:80 -o TCPKeepAlive=yes -p xxxx [email protected] -i /home/username/.ssh/id_rsa
[Install]
WantedBy=multi-user.target
Yeah, It works! BUT BUT when someone visits 222.xx.xx.xx, I lost the the client ip in nginx log file. That would always be 127.0.0.1, why?
127.0.0.1 - - [27/Apr/2015:00:34:07 +0800] "GET /static/mathjax/MathJax.js?config=TeX-AMS_HTML HTTP/1.1" 304 0 "http://222.xx.xx.xx:808/url/jakevdp.github.com/downloads/notebooks/XKCD_plots.ipynb" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:37.0) Gecko/20100101 Firefox/37.0" "-"
After ``ssh -R Port forwarding``, client ip is lost?
If so, what should I use to replace ``ssh -R``?
Last edited by limser (2015-05-04 12:39:18)

It seems there is a port forwarding configuration trouble with you modem.
When you access from the WAN or from the LAN, you don't enter in you modem the same way, so the behavior is different.
It seems that the port 22 of your modem is not directly forwarded to your server. The modem itself asks you a login/password. The key-pair authentification is between laptop and server. The modem itself is not recognized during this authentification.
Don't touch your ssh-config. It's OK since it was working for monthes before you change your modem.

HELP!! asa 5505 8.4(5) problem with port forwarding-smtp

Hi I am having a big problem with port forwarding on my asa. I am trying to forward smtp through the asa to my mail server.
my mail server ip is 10.0.0.2 and my outside interface is 80.80.80.80 , the ASA is setup with pppoe (I get internet access no problem and that seems fine)
When I run a trace i get "(ACL-Drop) - flow is deied by configured rule"
below is my config file , any help would be appreciated
Result of the command: "show running-config"
: Saved
ASA Version 8.4(5)
hostname ciscoasa
domain-name domain.local
enable password mXa5sNUu4rCZ.t5y encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ISPDsl
ip address 80.80.80.80 255.255.255.255 pppoe setroute
ftp mode passive
dns server-group DefaultDNS
domain-name domain.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Server_SMTP
host 10.0.0.2
access-list outside_access_in extended permit tcp any object server_SMTP eq smtp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network server_SMTP
nat (inside,outside) static interface service tcp smtp smtp
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname [email protected]
vpdn group ISP ppp authentication chap
vpdn username [email protected] password *****
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c5570d7ddffd46c528a76e515e65f366
: end

Hi Jennifer
I have removed that nat line as suggested but still no joy.
here is my current config
Result of the command: "show running-config"
: Saved
ASA Version 8.4(5)
hostname ciscoasa
domain-name domain.local
enable password mXa5sNUu4rCZ.t5y encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ISP
ip address 80.80.80.80 255.255.255.255 pppoe setroute
ftp mode passive
dns server-group DefaultDNS
domain-name domain.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Server_Mail
host 10.0.0.2
access-list outside_access_in extended permit tcp any object Server_Mail eq smtp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network Server_Mail
nat (inside,outside) static interface service tcp smtp smtp
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname [email protected]
vpdn group ISP ppp authentication chap
vpdn username [email protected] password *****
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f3bd954d1f9499595aab4f9da8c15795
: end
also here is the packet trace
and my acl
Thanks

Port forwarding conflict with applicaton ssh

Similar Messages

Maybe you are looking for