Cisco ASA 5510 NAT Issue

I've been asked to implement a new NAT translation to coincide with an existing NAT rule which allows SFTP access.

I use an ASA 5510 version 8.0(4)32


Here is the suppressed config:

...

name 10.10.10.12 server1
name 10.10.10.13 server2

interface Ethernet0/1
no nameif
no security-level
no ip address
!
interface Ethernet0/1.10
vlan 10
nameif server_dmz
security-level 2
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/3
nameif supplier
security-level 1
ip address 192.168.1.1 255.255.255.0
!

access-list supplier_access_in extended permit tcp host 192.168.2.58 gt 1023 host 192.168.1.1 eq ssh
access-list supplier_access_in extended permit tcp host 192.168.2.90 gt 1023 host 192.168.1.2 eq ssh

global (outside) 10 interface

static (server_dmz,outside) interface server1 netmask 255.255.255.255
static (server_dmz,outside) 192.168.1.2 server2 netmask 255.255.255.255

access-group supplier_access_in in interface outside

route supplier 192.168.2.58 255.255.255.255 192.168.1.254 1
route supplier 192.168.2.90 255.255.255.255 192.168.1.254 1

...

The supplier can access Server1 but not Server2.

Packet-tracer results show that everything is fine for server1 and server2.

Does 'static (server_dmz,outside) interface' mean to NAT traffic destined for the interface IP? Or does it interact with 'global (outside) 10 interface'?

Before I want to point my finger at an issue with the supplier, I would like to clarify.
