Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
561
Views
0
Helpful
2
Replies

ASA 5510 problem - Static NAT not working

bishop777
Level 1
Level 1

‎03-21-2007 07:42 AM - edited ‎02-21-2020 01:27 AM

Hello,

We are currently in the process of replacing our Novell Bordermanager server with an ASA 5510.

I am new to this, though I have set up the unit according to the documentation. Dynamic NAT appears to work, however the static NATs i've created do not work.

Currently, access lists are set up to allow everything through. During testing, the WAN router was set to point to the security device IP as the gateway for all traffic not destined for the WAN.

I've also tried disabling the Bordermanager server and setting this device to the same public IP it had just in case the internet router (which is managed by the IP) was pointing to the Bordermanager servers IP, and it still didn't work.

NAT control is disabled.

Does anyone see anything wrong with my configuration, or can point me in the right direction for troubleshooting the issue (we've tried a number of things but, being inexperienced with Cisco security devices and network infrastructure in general, we haven't had much success in determining the problem)

My configuration (with some things censored for confidentiality reasons) is attached.

Preview file
5 KB
0 Helpful
2 Replies 2

ggilbert
Cisco Employee
Cisco Employee

‎03-21-2007 08:24 AM

Hi,

Just a random thought - Do you think the external MAC of your Bordermanager might be cached with the IP address on the ISP router, if so, then - you might want to ask them clear the arp entries or wait till it clears automatically or if you have access to that device - just pull the power - wait for a minute - plug it back in.

I do not see anything on the ASA config that would be a problem.

Everything is configured correctly.

Thanks

Gilbert

0 Helpful

abinjola
Cisco Employee
Cisco Employee

‎03-22-2007 01:53 PM

ok first thing...are you getting hit counts on the access list for those public IP ?

If not then traffic is not reaching the FW for those public ip, check on the upstream router..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card