ASA 5505 static/nat won't work

l.alias
Level 1

My problem is that with my new 5505 the outside world does not have access to my web and mail services. When I show access-list, the hit count does not go up when I know there are web and mail requests coming in.


Jon Marshall
Hall of Fame

Hi

Could you post a sanitised version of your config please.

Jon

If you need more of the config, please let me know.

access-list outside_access_in extended permit tcp any host 62.192.102.102 eq 4899

access-list outside_access_in extended permit tcp any host 62.192.102.102 eq https

access-list outside_access_in permit tcp any host 62.192.102.102 eq smtp

access-list outside_access_in extended permit tcp host test1 host 62.192.102.102 eq 65000

access-list outside_access_in extended permit tcp host test2 host 62.192.102.102 eq 65000

access-list nonat1 extended permit ip 192.168.200.0 255.255.255.0 192.168.123.0 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list nonat1

nat (inside) 1 192.168.200.0 255.255.255.0

static (inside,outside) tcp 62.192.102.102 65000 192.168.200.13 65000 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 smtp 192.168.200.5 smtp netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 443 192.168.200.5 443 netmask 255.255.255.255

static (inside,outside) tcp 62.192.102.102 4899 192.168.200.5 4899 netmask 255.255.255.255

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 62.192.102.101 1

Is 62.192.102.102 also the outside interface address of the ASA?

No, the address of the outside interface (vlan1) is 62.192.102.202.

The config looks fine, as long as 62.192.102.102 is being routed to you it should be ok.
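Added example, not part of the thread and not written by any of the posters: a small Python check that cross-references the inbound ACL permits in the posted config against its static PAT entries and lists mapped addresses that depend on the upstream router delivering them to the ASA. The function names `audit` and `port` are made up for this sketch; the config lines and the interface address are the ones quoted in the posts above.

```python
import re

# Config lines copied from the post above (pre-8.3 static/nat syntax).
CONFIG = """\
access-list outside_access_in extended permit tcp any host 62.192.102.102 eq 4899
access-list outside_access_in extended permit tcp any host 62.192.102.102 eq https
access-list outside_access_in permit tcp any host 62.192.102.102 eq smtp
access-list outside_access_in extended permit tcp host test1 host 62.192.102.102 eq 65000
access-list outside_access_in extended permit tcp host test2 host 62.192.102.102 eq 65000
static (inside,outside) tcp 62.192.102.102 65000 192.168.200.13 65000 netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 smtp 192.168.200.5 smtp netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 443 192.168.200.5 443 netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 4899 192.168.200.5 4899 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

PORT_NAMES = {"smtp": 25, "https": 443, "www": 80}  # ASA port keyword -> number


def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def audit(config, outside_if_ip):
    """Cross-check inbound ACL permits against static PAT entries."""
    bound = re.search(r"^access-group (\S+) in interface outside$", config, re.M)
    acl = bound.group(1) if bound else None
    permits, statics = set(), {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) (?:extended )?permit tcp .* host (\S+) eq (\S+)$", line)
        if m and m.group(1) == acl:  # only the ACL actually applied inbound counts
            permits.add((m.group(2), port(m.group(3))))
        m = re.match(r"static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) ", line)
        if m:
            statics[(m.group(1), port(m.group(2)))] = (m.group(3), port(m.group(4)))
    mapped = set(statics)
    return {
        "acl_bound_to_outside": acl,
        "permit_without_static": sorted(permits - mapped),
        "static_without_permit": sorted(mapped - permits),
        # Mapped IPs other than the interface address only see traffic if the
        # upstream device delivers them to the ASA (the caveat in the last reply).
        "needs_upstream_delivery": sorted({ip for ip, _ in mapped if ip != outside_if_ip}),
    }


if __name__ == "__main__":
    for key, value in audit(CONFIG, "62.192.102.202").items():  # interface IP from the reply above
        print(f"{key}: {value}")
```

For the posted config both mismatch lists come back empty, so the remaining item to verify is the one flagged under `needs_upstream_delivery`, which matches the symptom of ACL hit counts not increasing.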
