I've been working on a homologation process for the deployment of Cisco ASA 5520 appliances and I've been unable to successfully make use of static NAT/PAT in order to translate services from the outside pool of IP addresses to inside (real) IP addresses (there is no DMZ perimeter at this time; there are "outside" and "inside" interfaces only).
The scenario is as follows:
- Inside: 10.1.4.16/24
- Outside: 220.127.116.11/26
The pool of registered IP addresses is as follows: 18.104.22.168/26.
The actual ASA configuration (or at least a small part of it that represents the scope of my issue) is as follows:
There are, of course, several other Access Control Lists and Static NAT/PAT entries, and each one of them uses a separate IP address from the global pool (i.e.: 22.214.171.124, 126.96.36.199... 188.8.131.52), and the objective here is to NAT these registered IP addresses to their respective private ones at some specific ports, from outside to inside (i.e.: 184.108.40.206 TCP 22 --> 10.1.4.8 TCP 22). These translations are not working either.
I would really appreciate it if someone could possibly help me out. Please find enclosed a drawing and the actual ASA config (the full version of it).
I look forward to hearing from you soon. Thank you in advance!
I don't see anything wrong with the configuration. The outside ACL and static are configured correctly for the server(s) to be accessed from outside.
I was suspecting that maybe the proxyarp was disabled on the outside interface, as that could present this problem, but the configuration appears to indicate the proxyarp is enabled on the outside. Did you try the clear xlate after the configuration was changed?
Well... as a matter of fact, yes, I cleared out xlate after performing the configuration changes. I have also recycled the box a couple of times to see what would happen next, and still nothing at all. I am unable to get it done as it was supposed to.
I guess I should contact Cisco directly in order to determine what the heck is going on with this box! Actually I was just wondering if I had been doing something wrong, configuration-wise, but apparently I am doing the right thing.
I will surely reply to this topic once I find out what has caused these issues.
After a troubleshooting session, we've identified that a Cisco switch was causing all the mess. Configuration-wise, everything looked perfect. After upgrading its software and rebooting the switch - although preserving all of its original configuration parameters - the issue has gone for good. Indeed, very weird.