Static Nat help

mo shea · ‎02-28-2007

Hi...

We are usinng an ASA 5520 as a front end firewall and an ISA server as a back end server. The latter is connected to the inside interface of the ASA. All the LAN PCs are connected to a second interface on the ISA. The design looks like this

Internet<---->ASA<----->ISA<------>LAN

Our ISP supplies us a range of public IPs, x.x.x.1/224 to x.x.x.31/224.

In order to let clients access the Internet, I only do a static nat for the ISA server external interface, since we use it for http traffic and email hosting.

My question is that Static Nat works when the mapped public ip is the same as the ASA Outside interface, i.e. x.x.x.3. If I change the static nat statement to any othe public IP, example x.x.x.29, all connections are lost.

Is there any reason for this behaviour.

One other issue is that while static nat is functioning, I can send email messages but cannot receive any, couldnt find a solution yet.

All help is appreciated

We use ASA 7.2. Nat-control is not configured

Thanks.

jserevitch · ‎03-04-2007

i have seen this when the isp does not allocate the right IP block to you. your first step would be to confirm with them 100% that this is your block. secondly, can you post "show run static" and "show run access-list"

many thanks

ROBERTO TACCON · ‎03-05-2007

One other issue is that while static nat is functioning, I can send email messages but cannot receive any, couldnt find a solution yet.

Have you verified the inspect (smtp or esmtp)configuration ?

mo shea · ‎03-05-2007

Thanks for the responses,

I have removed esmtp from the insppect list. I am thinking to nat the ISA servers external IP to one from my pool, while keeping the current static mappings.

I will test it today and post the configs.

Thanks