ASA 5510 problem - Static NAT not working

Unanswered Question
Mar 21st, 2007


We are currently in the process of replacing our Novell Bordermanager server with an ASA 5510.

I am new to this, though I have set up the unit according to the documentation. Dynamic NAT appears to work, however the static NATs i've created do not work.

Currently, access lists are set up to allow everything through. During testing, the WAN router was set to point to the security device IP as the gateway for all traffic not destined for the WAN.

I've also tried disabling the Bordermanager server and setting this device to the same public IP it had just in case the internet router (which is managed by the IP) was pointing to the Bordermanager servers IP, and it still didn't work.

NAT control is disabled.

Does anyone see anything wrong with my configuration, or can point me in the right direction for troubleshooting the issue (we've tried a number of things but, being inexperienced with Cisco security devices and network infrastructure in general, we haven't had much success in determining the problem)

My configuration (with some things censored for confidentiality reasons) is attached.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ggilbert Wed, 03/21/2007 - 08:24


Just a random thought - Do you think the external MAC of your Bordermanager might be cached with the IP address on the ISP router, if so, then - you might want to ask them clear the arp entries or wait till it clears automatically or if you have access to that device - just pull the power - wait for a minute - plug it back in.

I do not see anything on the ASA config that would be a problem.

Everything is configured correctly.



abinjola Thu, 03/22/2007 - 13:53

ok first thing...are you getting hit counts on the access list for those public IP ?

If not then traffic is not reaching the FW for those public ip, check on the upstream router..


This Discussion