11-05-2009 02:25 PM - edited 03-11-2019 09:36 AM
I configured identity static NAT on my ASA specifying a range I.E. "static (inside,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0 and now the outside users cannot connect to inside WEB server which has IP address of 10.10.10.51. Do I need to create one to one entries for each host? Seems like firewall does not create a dedicated translation for inbound connections.
11-05-2009 03:12 PM
Hi,
There is no need for doing one to one nat for all the ip addresses. The configuration statement looks fine to me.
Please check the output of 'show xlate' and find out if the translations are being made for the ip addresses.
Thanks,
Manish
11-06-2009 06:23 AM
The order of the statics is important. Check the order.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide