ASA 5505 static/nat wont work

Unanswered Question
Jun 25th, 2007
User Badges:

My problem is that with my new 5505 the outside world does not have access to my web and mail services. when I show access-list, the hit count does not go up when I know there are web and mail requests coming in.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 06/25/2007 - 11:37
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Could you post a sanitised version of your config please.


Jon

l.alias Tue, 06/26/2007 - 10:53
User Badges:

If you need more of de config, please let my no.


access-list outside_access_in extended permit tcp any host 62.192.102.102 eq 4899

access-list outside_access_in extended permit tcp any host 62.192.102.102 eq https

access-list outside_access_in permit tcp any host 62.192.102.102 eq smtp

access-list outside_access_in extended permit tcp host test1 host 62.192.102.102 eq 65000

access-list outside_access_in extended permit tcp host test2 host 62.192.102.102 eq 65000

access-list nonat1 extended permit ip 192.168.200.0 255.255.255.0 192.168.123.0 255.255.255.0


global (outside) 1 interface

nat (inside) 0 access-list nonat1

nat (inside) 1 192.168.200.0 255.255.255.0

static (inside,outside) tcp 62.192.102.102 65000 192.168.200.13 65000 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 smtp 192.168.200.5 smtp netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 443 192.168.200.5 443 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 4899 192.168.200.5 4899 netmask 255.255.255.255

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 62.192.102.101 1


acomiskey Tue, 06/26/2007 - 10:55
User Badges:
  • Green, 3000 points or more

Is 62.192.102.102 also the outside inteface address of the ASA?

l.alias Wed, 06/27/2007 - 02:06
User Badges:

no, the address of the outside interface (vlan1) is 62.192.102.202.

acomiskey Wed, 06/27/2007 - 04:49
User Badges:
  • Green, 3000 points or more

The config looks fine, as long as 62.192.102.102 is being routed to you it should be ok.

Actions

This Discussion