
Static NAT Problem

new_networker
Level 1

I am trying to map a Public IP to a private Virtual IP on the load balancer, which forwards the traffic to web servers.

I have done all the necessary configurations on the ASA, but the web service is still not accessible from the internet.

Configuration:

Outside IP: 95.12.60.31

Inside IP (VIP): 10.1.1.1

static (inside,outside) 95.12.60.31 10.1.1.1 netmask 255.255.255.255

access-list outside_in extended permit ip any any

access-group outside_in in interface OUTSIDE

The web service is accessible locally on the 10.1.1.1 IP. While I am accessing it via the public IP over the internet, I can see the following in the 'sh conn' display:

TCP out 66.72.101.23:2984 in 10.1.1.1:80 idle 0:00:02 bytes 0 flags AX

What could be wrong? Please assist.

6 Replies

Collin Clark
VIP Alumni

Does your load balancer have a default route going out?

Yes. The default route is present.

I didn't mention earlier that the ping to the public IP over the internet is successful. I have also configured the load balancer for ping requests.

Any other clues?

When the NAT translation dies, what is the byte count? I assume you have hit counts on your ACL?

Yes. There are hit counts on the access-list for every hit via the browser. Something like 0xd1647829.

Maybe a packet capture between the two (or on the PIX/ASA) will shed some light. From the firewall you can ping the VIP, correct?

Yes. I am able to ping the VIP from the firewall.

I will try the capture tomorrow. In the meantime, any other suggestions will be great.
