I have configured a static NAT through my ASA, which for some
reason does not work - I believe the problem is with the NAT or
der rather than the rule itself but I would be most grateful if someone
could assist me in diagnosing the problem.
from command line the rule is ::-
static (UKSCMGMT,management) 10.20.20.20 192.168.1.2 netmask 255.255.255.255
my theory is that anything with a destination address of 10.20.20.20 would be seen as 192.168.1.2 on teh UKSCMGMT interface.
looking at ASDM the rule looks like this
Type Source Destination interface trans address
Static 192.168.1.2 blank management 10.20.20.20
there are some EXEMPT rules relating to 192.168.1.2 - but they are host to host and should not affect the static translation.
Yes, absolutely correct. You can configure NAT exemption per network instead of per each host. If you have hosts which can be grouped into a subnet, configure it as network statements instead.