I have a strange issue with PAT in Cisco ASA 5540 running Version 8.0(5).
We have a web server (172.16.20.8) which is in DMZ listening port 90. If anyone access from outside to the website on port 80 the ASA should translate the port on 90. So I execute the command as follows.
"static (DMZ,outside) tcp 22.214.171.124 www 172.16.20.8 90 netmask 255.255.255.255"
Also I enabled the access-list in outside interface
"access-list outside_access_in extended permit tcp any host 126.96.36.199 eq www"
This time the website is not accessing from outside, showing error " The IE cannot display the webpage"
When I ADD the following configuration to ASA, it is working.
"static (DMZ,outside) 188.8.131.52 172.16.20.8 netmask 255.255.255.255" ( A direct nat applied. ASA showing a warning that there is conflict with existing PAT, but i ignored the warning)
Also I have added access-list in outside interface - "access-list outside_access_in extended permit tcp any host 184.108.40.206 eq 90"
ASA5540# show xlate -
"PAT Global 220.127.116.11(80) Local 172.16.20.8(90)"
"Global 18.104.22.168 Local 172.16.20.8"
Now the website can access from outside.But can see the translated port on the address bar.
What I understand from the troubleshooting is the packets are going to webserver without any translation.
How can I resolve this issue, Please advice.