ASA - NAT/PAT

Unanswered Question
Mar 10th, 2009
User Badges:

ASA Version 7.2(3)

Global NAT on outside Interface plus two Static PAT on the same outside address.

But the static PAT don't work.


Configuration as follow:

(omitted)

name 192.168.100.60 LAN_RDP

name 192.168.100.100 LAN_SMTP

(...)

access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.1.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.1.10.0 255.255.255.0

access-list outside_access_in extended permit icmp any any echo-reply log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq 3389 log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq smtp log disable

access-list outside_access_in extended permit ip any any log disable inactive

(...)

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 195.254.241.194 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp 195.254.241.194 smtp LAN_SMTP smtp netmask 255.255.255.255

access-group outside_access_in in interface outside


Some suggestion?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Tue, 03/10/2009 - 08:13
User Badges:
  • Cisco Employee,

Is this ip address "195.254.241.194" the same as what the outside interface has assigned to it? if it is then go ahead and change your static lines to show like this:


static (inside,outside) tcp interface 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp interface smtp LAN_SMTP smtp netmask 255.255.255.255


Give that a shot.

Actions

This Discussion