ASA 5505 static/nat wont work

Unanswered Question
Jun 25th, 2007

My problem is that with my new 5505 the outside world does not have access to my web and mail services. when I show access-list, the hit count does not go up when I know there are web and mail requests coming in.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
l.alias Tue, 06/26/2007 - 10:53

If you need more of de config, please let my no.

access-list outside_access_in extended permit tcp any host 62.192.102.102 eq 4899

access-list outside_access_in extended permit tcp any host 62.192.102.102 eq https

access-list outside_access_in permit tcp any host 62.192.102.102 eq smtp

access-list outside_access_in extended permit tcp host test1 host 62.192.102.102 eq 65000

access-list outside_access_in extended permit tcp host test2 host 62.192.102.102 eq 65000

access-list nonat1 extended permit ip 192.168.200.0 255.255.255.0 192.168.123.0 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list nonat1

nat (inside) 1 192.168.200.0 255.255.255.0

static (inside,outside) tcp 62.192.102.102 65000 192.168.200.13 65000 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 smtp 192.168.200.5 smtp netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 443 192.168.200.5 443 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 4899 192.168.200.5 4899 netmask 255.255.255.255

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 62.192.102.101 1

acomiskey Tue, 06/26/2007 - 10:55

Is 62.192.102.102 also the outside inteface address of the ASA?

l.alias Wed, 06/27/2007 - 02:06

no, the address of the outside interface (vlan1) is 62.192.102.202.

acomiskey Wed, 06/27/2007 - 04:49

The config looks fine, as long as 62.192.102.102 is being routed to you it should be ok.

Actions

This Discussion