Static NAT Problem

new_networker · ‎11-24-2008

I am trying to map a Public IP to private Virtual IP on the load balancer which forwards the traffic to web servers.

I have done all the necessary configurations on ASA, but the web service is still not accessible from the internet.

Configuration:

Outside IP: 95.12.60.31

Inside IP (VIP): 10.1.1.1

static (inside,outside) 95.12.60.31,10.1.1.1 netmask 255.255.255.255

access-list outside_in extended permit ip any any

access-group outside_in in interface OUTSIDE

The web service is accessible locally on 10.1.1.1 IP. While I am accessing via the public IP over the internet I can see following on 'sh conn' display

TCP out 66.72.101.23:2984 in 10.1.1.1:80 idle 0:00:02 bytes 0 flags AX

What could be wrong. Please assist.

Collin Clark · ‎11-24-2008

Does your load balancer have a default route going out?

new_networker · ‎11-24-2008

Yes. The default route is present.

I didn't mention earlier that the ping to public IP over the internet is successful. I have also configured the load balancer for ping requests.

Any other clues.

Collin Clark · ‎11-24-2008

When the NAT translation dies, what is the byte count? I assume you have hit counts on your ACL?

new_networker · ‎11-24-2008

Yes. There are hit counts on the access-list for every hit via the browser. Something like 0xd1647829.

Collin Clark · ‎11-24-2008

Maybe a packet cpature between the two (or on the pix/asa) will shed some light. From the firewall you can ping the VIP correct?

new_networker · ‎11-24-2008

Yes. I am able to ping the VIP from firewall.

I will try the capture tommorow. In the meanwhile any other suggestions will be great.