PAT issue on ASA5510, where a static NAT works

Jan 4th, 2009

I have a strange PAT issue. I have a 5510 firewall with some webservers, a switch and an internet router attached to the outside interface. If I use an internal machine with a static NAT I can ping and telnet to the router and switch and browse a webmail account on a webserver. Although, if I try to do that same thing from an internal machine using PAT (overload on the outside interface) it fails. Ping will reply one time and then time out the remaining three. Telnet and browsing to the webmail account both fail. Any suggestions would be appreciated.

JORGE RODRIGUEZ Sun, 01/04/2009 - 14:29
I think I understand your post, but I am not quite 100% sure of your topology. Please correct me if my understanding is wrong. Also look at the ASDM real-time log for more clues about what the problem could be.

Where is your webmail server, on the outside or inside? Could you provide more info on where the webmail server is located?

LAN-ASA5510Outside-SW-InternetRT, is this your topology?

If so, assume this example:

ASA-Outside IP =

Outside router Ethernet interface

Outside switch IP = its DG 100

LAN Network

The LAN segment needs to be PATed to reach the outside router and outside switch external IP addresses.

This is all you need in ASA-5510 to reach external switch and/or router from any host.

global (outside) 1 interface

nat (inside) 1
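
The two lines in the reply above only work as a pair: a `nat` statement is translated through the `global` statement that carries the same ID. As an added example (not part of the thread and not Cisco tooling), this Python check reads pre-8.3 ASA configuration text and reports IDs that are not paired. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; all addresses are placeholders.
SAMPLE_CONFIG = """\
global (outside ) 1 interface
nat (inside) 1 192.168.10.0 255.255.255.0
nat (dmz) 2 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT
global (outside) 3 203.0.113.20
"""

# Matches "nat (if) id ..." and "global (if) id ...", tolerating stray
# spaces inside the parentheses such as "(outside )".
RULE_RE = re.compile(r"^(nat|global)\s+\(\s*([\w-]+)\s*\)\s+(\d+)\s+(.+)$")


def parse_rules(config):
    """Return (nat_rules, global_rules) as lists of (interface, nat_id, rest)."""
    nats, globals_ = [], []
    for raw in config.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue  # static, access-list and other lines are out of scope
        kind, iface, nat_id, rest = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        (nats if kind == "nat" else globals_).append((iface, nat_id, rest))
    return nats, globals_


def audit_nat_ids(config):
    """Report nat/global statements whose IDs have no counterpart."""
    nats, globals_ = parse_rules(config)
    global_ids = {nat_id for _, nat_id, _ in globals_}
    nat_ids = {nat_id for _, nat_id, _ in nats}
    return {
        # ID 0 is NAT exemption / identity NAT and takes no global statement.
        "nat_without_global": sorted(
            (i, n) for i, n, _ in nats if n != 0 and n not in global_ids),
        "global_without_nat": sorted(
            (i, n) for i, n, _ in globals_ if n not in nat_ids),
        # "interface" means PAT to the interface's own address.
        "pat_on_interface": sorted(
            (i, n) for i, n, r in globals_ if r.strip() == "interface"),
    }


if __name__ == "__main__":
    for check, hits in audit_nat_ids(SAMPLE_CONFIG).items():
        print(check, hits)
```
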


