Noob question here. Got no Cisco experience, sorry.
We've got a pair of 525's (the second is set for failover) that were set up for us by a consultant who used CLI to do everything.
At the time, the consultant said that we can't use the GUI to do NAT edits because he did the initial setup on CLI. That sounds like a load of Shatner to me, but is that true?
Anyway, I now need to add a NAT to allow port 5632 to go to my web server. I used Checkpoint for years, so doing it via GUI shouldn't be a big challenge.
I go into the Cisco ASDM GUI v1.1(1) and add:
static: inside: 10.1.1.21: port 5632(tcp): any: outside: 184.108.40.206: port 5632(tcp)
static: inside: 10.1.1.21: port 5632(udp): any: outside: 220.127.116.11: port 5632(udp)
I get a popup saying "This static port mapping translation rule is overlapping with a dynamic address translation rule for inside:0.0.0.0/0.0.0.0(any) using global pool 10. Do you still wish to proceed?"
Clicking "Proceed" adds the rule, but still doesn't seem to open up the port.
It's the exact same setup I have for allowing port 80 (http) on the web server. Web works. This doesn't.
ACL looks fine. You are allowing www and tcp 5632 to x.x.x.101 and the corresponding static statements are good as well.
Please rate helpful posts.