Hi, I have a problem with an ASA5510 configuration: I opened access from outside to inside to a mail server and a service to an AS400. But static NAT doesn't work correctly: if I try from internet I can't, but if I try from a source address in the same class of interface outside of the ASA all works.
As attachment tou can find configuration (I use for this example all private addresses).
If I try to access, for example, to https from a machine with 10.0.0.234 IP address all works correctly, if I try from an IP address outside network 10.0.0.224/27 ASA reject the connection.
Francesco, your config looks ok. This looks like more of a routing problem. Are you sure your object track to 10.0.0.1 is up? Can you ping the machine you are trying from the ASA? Also, check the network where you are coming from has a route to 10.0.0.224/27.
Thanks a lot for the quick answer. I'm sure that this is not a routing problem because I have to substitute a pix506 with similar configuration and the routing is good for 506 and not for ASA. I check the ASA routing table and i'm sure that the routes are correct (track is good).
Can you login to the outside router and clear the "arp cache" on it?
As when ASA is substituted with PIX506, things start working, I think outside router still has ARP entry for PIX-506's outside interface, once you get this cleared, fresh ARP entries will be made with ASAs mac address.
But from inside I can browse the net. If the problem is arp cache, I can't browse internet too. From the inside I can go out and from the outside I can use inside services only from addresses of outside IP network.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...