Hi

I have server with real address 10.173.1.242, i created static nat to address 10.164.32.15, but I can not to connect to address 10.164.32.15 from IP 10.161.111.130, here is config of ASA:

Peter

ASA Version 8.0(5)

!

names

!

interface GigabitEthernet0/0

nameif intranet

security-level 30

ip address 10.164.241.1 255.255.255.0 standby 10.164.241.2

!

interface GigabitEthernet0/1

nameif cdi

security-level 80

ip address 10.173.241.1 255.255.255.0 standby 10.173.241.2

!

interface GigabitEthernet0/2

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2.491

  vlan 491

nameif service491

security-level 50

ip address 10.173.1.241 255.255.255.0 standby 10.173.1.240

!

interface GigabitEthernet0/2.492

vlan 492

nameif service492

security-level 50

ip address 10.173.2.241 255.255.255.0 standby 10.173.2.240

!

interface GigabitEthernet0/2.493

vlan 493

nameif service493

security-level 50

ip address 10.173.3.241 255.255.255.0 standby 10.173.3.240

!

interface GigabitEthernet0/2.500

  vlan 500

nameif service500

security-level 50

ip address 10.173.0.241 255.255.255.0 standby 10.173.0.240

!

interface GigabitEthernet0/2.550

vlan 550

nameif service550

security-level 50

no ip address

!

interface GigabitEthernet0/3

description LAN Failover Interface

!

!

boot system disk0:/asa805-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name t-dc.sk

access-list cdi-in extended permit icmp any any log debugging

access-list cdi-in extended deny ip any any

access-list intranet-in extended permit ip 10.161.111.0 255.255.255.0 host 10.0.0.0 log debugging

access-list intranet-in extended permit ip 10.164.32.0 255.255.255.0 host 10.0.0.0 log debugging

access-list intranet-in extended deny ip any any

access-list service491-in extended permit icmp any any log debugging

access-list service491-in extended deny ip any any

access-list service492-in extended deny ip any any

access-list service493-in extended deny ip any any

access-list service500-in extended deny ip any any

access-list service550-in extended deny ip any any

access-list cap extended permit ip any any

pager lines 24

logging buffered debugging

logging trap debugging

logging asdm debugging

logging host service491 10.173.1.242

mtu intranet 1500

mtu cdi 1500

mtu service491 1500

mtu service492 1500

mtu service493 1500

mtu service500 1500

mtu service550 1500

mtu mngmt 1500

ip local pool pool1 10.31.250.129-10.31.250.255 mask 255.255.255.0

failover

failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover interface ip failover 172.16.10.1 255.255.255.252 standby 172.16.10.2

no monitor-interface intranet

no monitor-interface cdi

no monitor-interface mngmt

icmp unreachable rate-limit 1 burst-size 1

icmp permit any intranet

icmp permit any cdi

icmp permit any service491

icmp permit any service492

icmp permit any service493

icmp permit any service500

icmp permit any service550

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

static (service491,intranet) 10.164.32.15 10.173.1.242 netmask 255.255.255.255

access-group intranet-in in interface intranet

access-group cdi-in in interface cdi

access-group service491-in in interface service491

access-group service492-in in interface service492

access-group service493-in in interface service493

access-group service500-in in interface service500

access-group service550-in in interface service550

route intranet 0.0.0.0 0.0.0.0 10.164.241.5 1

route cdi 10.97.0.0 255.255.0.0 10.173.241.5 1

route cdi 10.168.0.0 255.255.0.0 10.173.241.5 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto ca trustpoint localtrust

enrollment self

fqdn sslvpn.t-dc.sk

keypair sslvpnkeypair

crl configure

crypto ca certificate chain localtrust

certificate c116474f

    308201e7 30820150 a0030201 020204c1 16474f30 0d06092a 864886f7 0d010104

    bce 90a3424e

    f9f040e2 95c69b91 779b8a

  quit

no crypto isakmp nat-traversal

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ssl trust-point localtrust intranet

webvpn

enable intranet

svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1

svc enable

group-policy GrpPolicy-ssl1 internal

group-policy GrpPolicy-ssl1 attributes

vpn-tunnel-protocol svc

tunnel-group ssl1 type remote-access

tunnel-group ssl1 general-attributes

address-pool pool1

default-group-policy GrpPolicy-ssl1

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect icmp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:be82cd121bde8e5de3981453caa201f0

: end