I've a problem that is making me crazy.. I've configured a lot of PIX and ASA v. 7, now I'm configuring for the first time an ASA with sw 8.2.
The config that I want to make is very simple: dynamic NAT for the inside client and some static for the server.
The problem is that when I configure the static for the server they don't work and the server stop to surf internet.
my wan side network is xx.xxx.32.59/29 and inside 192.168.9.0/24, the ip assigned to the asa is xx.xxx.32.62 and the wan router of our provider xx.xxx.32.57.
This is the config that I've put:
access-list nat0 extended permit ip 192.168.9.0 255.255.255.0 10.0.9.0 255.255.255.0
access-list acl_out extended permit icmp any any
access-list acl_out extended permit ip MILAN-WAN 255.255.255.224 xx.xxx.32.56 255.255.255.248
access-list acl_out extended permit tcp any host xx.xxx.32.60 object-group Polycom
access-list acl_out extended permit udp any host xx.xxx.32.60 object-group Polycom
nat (inside) 0 access-list nat0
nat (inside) 1 192.168.9.0 255.255.255.0
static (inside,outside) xx.xxx.32.59 192.168.9.106 netmask 255.255.255.255
static (inside,outside) xx.xxx.32.61 192.168.9.101 netmask 255.255.255.255
static (inside,outside) xx.xxx.32.60 192.168.9.33 netmask 255.255.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.32.57 1
Nothing is wrong as far as the configuration is concern.
Just double check that the router has the mac address of the ASA outside interface for all the virtual ip addresses that you configured on the static NAT statements.
Most times, clear arp on the router OR/ reloading the internet router resolve the issue.
Lastly, I assume that you have not turned off proxy arp on the ASA outside interface. Check "sh run all sysopt", and you should see "no sysopt noproxyarp outside" command.
Hope that helps.