I just configured VIP on a SSG140 to forward SSH from the outside interface, into my trusted network. But for some reason the trafic will not get to my server.
ethernet0/0 is configured as the WAN-link with a static IP.
The internal network is on ethernet0/4 192.168.0.0/24, with a server on 192.168.0.48.
I've got the following rules that are used to configure this;
set admin ssh port 2222
set interface ethernet0/0 vip interface-ip 22 "SSH" 192.168.0.48
set policy id 3 name "ssh" from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "SSH" nat dst ip 192.168.0.48 permit log
set policy id 3
set log session-init
exit
The SSG-140 log of the policy shows there is an attempt being made by the SSG to forward it;
2011-08-15 13:10:04 | 87.253.131.161:3764 | xx.xx.xx.xx:22 | 87.253.131.161:3764 | 192.168.0.48:22 | SSH | 22 sec. | 234 | 0 | Close - AGE OUT |
2011-08-15 13:09:42 | 87.253.131.161:3764 | xx.xx.xx.xx:22 | 87.253.131.161:3764 | 192.168.0.48:22 | SSH | 0 sec. | 0 | 0 | Creation |
The server on ip 192.168.0.48 is configured with SSH, and verified to work. There is also no firewall enabled for testing purposes on this server.
Thanks in advance,
Michael.