Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - NAT/PAT

ASA Version 7.2(3)

Global NAT on outside Interface plus two Static PAT on the same outside address.

But the static PAT don't work.

Configuration as follow:

(omitted)

name 192.168.100.60 LAN_RDP

name 192.168.100.100 LAN_SMTP

(...)

access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.1.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.1.10.0 255.255.255.0

access-list outside_access_in extended permit icmp any any echo-reply log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq 3389 log disable

access-list outside_access_in extended permit tcp any host 195.254.241.194 eq smtp log disable

access-list outside_access_in extended permit ip any any log disable inactive

(...)

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 195.254.241.194 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp 195.254.241.194 smtp LAN_SMTP smtp netmask 255.255.255.255

access-group outside_access_in in interface outside

Some suggestion?

1 REPLY

Re: ASA - NAT/PAT

Is this ip address "195.254.241.194" the same as what the outside interface has assigned to it? if it is then go ahead and change your static lines to show like this:

static (inside,outside) tcp interface 3389 LAN_RDP 3389 netmask 255.255.255.255

static (inside,outside) tcp interface smtp LAN_SMTP smtp netmask 255.255.255.255

Give that a shot.

278
Views
0
Helpful
1
Replies
CreatePlease login to create content