Solved: static nat on asa

mehta.rahul · ‎02-21-2007

Hi i need to change static association for a public ip to internal ip

right now i have following statment.

static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

it needs to be changed to

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

what should I need to do ?

do i need to add no statment to previous statement and execute new ?

Jon Marshall · ‎02-21-2007

Hi

yes you should do

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

then

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

You will then need to clear the xlate. Do not just enter "clear xlate" as it will remove all the xlates which will break all existing connections through the ASA.

Do

clear xlate global 66.xx.xx.xx

HTH

Jon

View solution in original post

Jon Marshall · ‎02-21-2007

Hi

yes you should do

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

then

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

You will then need to clear the xlate. Do not just enter "clear xlate" as it will remove all the xlates which will break all existing connections through the ASA.

Do

clear xlate global 66.xx.xx.xx

HTH

Jon

khary · ‎02-21-2007

Yes you should put a "no" to remove the old statement then add the new statement. Ex:

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

static (dmz,outside) 66.xx.xx.xx 192.168.51.14 netmask 255.255.255.255

abinjola · ‎02-21-2007

Hello

You need to first remove the previous entry

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

Also you need to add a new static

static (dmz,outside) 66.xx.xx.xx 192.168.51.14 netmask 255.255.255.255

Then you need to clear the stale arp and xlate entries

cl xlate

cl loc

cl arp

See if it helps !