ASA 55xx issue

Answered Question
Apr 21st, 2008

I'm having issues with a new ASA implementation. I have some direct one-to-one translations specificed and I want all the rest of my outbound traffic to go out the global PAT address, but for some reason, all traffic, including inside hosts with outside NATs are appearing as the global PAT address.

Config attached



Correct Answer by acomiskey about 8 years 10 months ago

Your statics are backwards. Should be...


static (inside,outside) 208.xxx.xxx.163 192.168.1.220 netmask 255.255.255.255

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Mon, 04/21/2008 - 08:02

Your statics are backwards. Should be...


static (inside,outside) 208.xxx.xxx.163 192.168.1.220 netmask 255.255.255.255

rjrii Mon, 04/21/2008 - 08:27

OMG! Sleep deprivation is not good, people! Thanks, acomiskey!


This setup is a conversion from an IP Chains linux firewall and I realize what I did. While documenting the static mappings I used Excel to create my internal and external columns. I then concatenated everything into the cisco static command format and switched my internal and external columns around.


Thanks again!


Randy


Actions

This Discussion