cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
445
Views
0
Helpful
1
Replies

ASA - NAT/PAT

battanc
Level 1
Level 1

ASA Version 7.2(3)

Global NAT on outside Interface plus two Static PAT on the same outside address.

But the static PAT don't work.

Configuration as follow:

(omitted)

name 192.168.100.60 LAN_RDP

name 192.168.100.100 LAN_SMTP

(...)

access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.1.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.1.10.0 255.255.255.0

access-list outside_access_in extended permit icmp any any echo-reply log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq 3389 log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq smtp log disable

access-list outside_access_in extended permit ip any any log disable inactive

(...)

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 195.254.241.194 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp 195.254.241.194 smtp LAN_SMTP smtp netmask 255.255.255.255

access-group outside_access_in in interface outside

Some suggestion?

1 Reply 1

Ivan Martinon
Level 7
Level 7

Is this ip address "195.254.241.194" the same as what the outside interface has assigned to it? if it is then go ahead and change your static lines to show like this:

static (inside,outside) tcp interface 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp interface smtp LAN_SMTP smtp netmask 255.255.255.255

Give that a shot.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: