Interface Session ACL

  • 1.  Interface Session ACL

    Posted Sep 29, 2016 08:59 AM

    Hello,

    My Aruba controller is connected to the DMZ and is directly reachable from the internet.

    We DNAT connections to the controller IPs to an internal system, but we want to block all other connections.


    ip access-list session ExtInterface_ACL
      host x.x.x.x host x.x.x tcp 443  dst-nat ip x.x.x.x
      any any any  deny log
    !

    DNAT is working. If I look at the security log I can see other external systems "probing" TCP ports, and these packets get blocked as expected.

    But if I try to establish a connection via SSH to the IP address of this interface, I get a login prompt.


    #show acl hits

    Port Based Session ACL
    ----------------------
    Policy            Src   Dst         Service/Application  Action  Dest/Opcode  New Hits  Total Hits  Index  Ipv4/Ipv6
    ------            ---   ---         -------------------  ------  -----------  --------  ----------  -----  ---------
    validuser         any   any         any                  permit               5         55          53     ipv4
    ExtInterface_ACL  any   controller  any                  deny                 12        12          1591   ipv4
    ExtInterface_ACL  any   any         any                  deny                 10        10          1592   ipv4

    I guess this is related to the validuser ACL?

    If so: there are no valid users behind this interface. How can I disable this ACL for this interface?

    If not: please tell me where to look for a solution.

    Thanks in advance!



  • 2.  RE: Interface Session ACL

    Posted Sep 29, 2016 09:06 AM

    I forgot one thing. If I try to make this port untrusted, I get the following message:

    Illegal Operation: Cannot make the port untrusted.