ASA5505 Static Mapping Problem - Possible bug with ver. 7.2(2)

Unanswered Question

Hi all, I need a 2nd opinion here. I tried to configure my ASA5505 to allow users from the “inside interface” to access a server in the DMZ (see attached drawing). I did this my using a static command:

Static (dmz, inside) mapped_internal_ip_address real_ip_dmz_ip_address netmask

This is also documented in CISCO document ID 64758 - pix70-nat-pat.pdf (attached file). Although this a very typical set up, my endeavor failed miserably.

I did the same and allow users from the “outside interface” to access the same server in the DMZ, and it worked flawlessly.

I did check sysopt, and proxyarp was not disabled.

I strongly suspected this a bug in the software, because Cisco documented this could be done.

I would like a second pair of eyes to verify my configuration.

See the configuration and err msg in the attached "Message text - ASA5505 Static Mapping Problem.doc".

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion