NAT problem in Cisco ASA 5505

Sep 25th, 2010

Hi all,

I am using a Cisco ASA 5505 with a base license. I have enabled 3 interfaces (inside/outside/dmz) on my firewall. As I am using a base license, my dmz interface is set as a restricted interface, where it can access the outside network but cannot access the inside network. My dmz is hosting a web service accessible externally, so I NAT one of the public IPs to the dmz IP that my web server is using. However, NAT fails to work; I had to change the dmz IP of my web server, and change my NAT accordingly so that the same public IP is translated to the new dmz IP, before NAT got to work. Why is this so? There is only 1 machine in my dmz, and the dmz IP that failed to work as mentioned earlier was not used for any other NAT purpose in the entire config. I have cleared the ARP cache and it failed to resolve the issue, and I eventually had to change the dmz IP of the web server. Please advise. Thanks in advance.

Jennifer Halim Sun, 09/26/2010 - 02:57

Not sure why the previous IP address does not work. Did you also perform a "clear xlate" after configuring the static NAT statement?

The issue could be related to ARP on other devices that the dmz server is connected to, and also on the ASA outside interface where the public IP address NATing happens. Did you also clear the ARP cache on the upstream router/switch where the ASA outside interface is connected?

