I recently purchased an ASA 5505 running v8.4(2) and have been trying to get it to work for a week with no. It seems like a very cool product and design but feels like I am missing some magic command to make my config work. Discovered all kinds of interesting oddities (like if you set inside and outside to security level 0 with all open ACLs, the ASDM works but you can't telnet to the device ... would love an explanation for that one)!
To the problem at hand:
- 6 Public IP addresses translated to 6 internal IPs in two IP block ranges of 3 each.
- Allow all traffic to them (the internal IPs have their own firewalls).
- Optionally configure it to be as fast/efficient as possible.
I am upgrading from a Cisco (Linksys) RV082 because it would die / lock-up at 2M of traffic. But the configuration for the above was very easy and worked right off the bat (just turn on 1-to-1 NAT for the IP ranges).
In a nutshell, I just want 1-to-1 Static NAT for these IPs that lets everything through.
I just want to get things live at this point and will play with locking things down later. We have a sizable long-term budget, so this is pilot testing the ASA, but after a week of reading everything I can find about the ASA/8.4, trying like 15 different configurations and talking with some data center pros, I am still stuck at the "no joy" phase and have never gotten a single packet back to our servers as far as I know.
I attached our config, it's a mess, but we've tried simple ones, factory resets, etc. Other oddities include DNS working for some devices but not others on the inside network. We just switch unplug things and plug into the RV082 and it all works fine so it's not our devices.
Anyone have a super simple 1-to-1 Static NAT config that lets everything through?
Edit: We can't use transparent mode because we need protected access 10.0.0.11<->10.0.0.21 for example and this can't be on the public net.
The ASA supports .1q VLAN tagging. Can you explain a little more regarding the two NICs and how they are connected to the ASA?
cheers for the good news
Please rate useful forums!
Hello mate,
This is the super example:
internal ip :
external public ip :
object network obj_10.0.0.1
object network obj_220.127.116.11
I always prefer to put static rules as the first entries in the table:
nat (inside,outside) 1 source static obj_10.0.0.1 obj_18.104.22.168
On the access-list applied to the outside interface:
access-list outside_access_in permit ip any host 10.0.0.1
Regarding the two 0 security levels on inside and outside, the rule is:
The ASA never allows you to telnet to the lowest security level interface.
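An added example, not part of the original replies: the manual static NAT form from the reply above, written out in full for ASA 8.4 with two of the six hosts, one from each internal block. The 203.0.113.x and 198.51.100.10 addresses are constructed documentation placeholders, and the object names and the choice of 10.0.0.11 and 10.0.0.21 as the two hosts are assumptions.

```cisco
! Constructed example for ASA 8.4 (not the poster's attached config).
! 203.0.113.x stands in for the real public addresses.

! Real (inside) addresses
object network obj_10.0.0.11
 host 10.0.0.11
object network obj_10.0.0.21
 host 10.0.0.21

! Mapped (public) addresses
object network obj_203.0.113.11
 host 203.0.113.11
object network obj_203.0.113.21
 host 203.0.113.21

! Manual NAT placed at the top of section 1. A static rule is
! bidirectional, so it covers inbound and outbound connections.
nat (inside,outside) 1 source static obj_10.0.0.11 obj_203.0.113.11
nat (inside,outside) 2 source static obj_10.0.0.21 obj_203.0.113.21

! From 8.3 onward the interface ACL is checked against the real
! address, so the entries name 10.0.0.x, not the public address.
access-list outside_access_in extended permit ip any host 10.0.0.11
access-list outside_access_in extended permit ip any host 10.0.0.21
access-group outside_access_in in interface outside

! Verification, run from privileged EXEC rather than config mode:
!   show nat detail     (rule order and per-rule hit counts)
!   show xlate          (the static translations that are installed)
!   packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.11 80
!                       (walks a simulated inbound packet through the
!                        un-NAT and ACL phases and names the phase
!                        that drops it, if any)
```

The remaining four hosts follow the same pattern, one real object, one mapped object, one nat line and one ACL entry each.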