Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT Configuration on ASa5505 with asdm 7.1.4

Hi I have a test mail server I want to access from the internet and I'm trying to configure nat I just have 2 vlans inside and outside and I want to use the ip address of the outside interface but the asdm config is confusing please see attached image. I just need help with what options to put where it is so much easier on the older version of asdm

3 REPLIES
Hall of Fame Super Silver

It's actually easier to start

It's actually easier to start with defining your mail server as an object and when you do that, configure the optional NAT section and advanced settings specifying the interfaces. Once you've applied that bit then go in an create (or an an entry to) the access-list and make it active on the outside interface (for incoming traffic.

I've used the ASDM demo version to show you (images below) what that looks like. It translates in commands delivered to the device as follows (your addresses will change obviously):

object network Mail_server
 host 10.10.10.10
 description SMTP server
 nat (inside,outside) static 192.168.2.100

access-list outside_access_in extended permit tcp any object Mail_server eq smtp 

access-group outside_access_in in interface outside

New Member

Hi Marvin I tried this config

Hi Marvin I tried this config and still no access from the outside keep in mind i am using the same ip address of the outside interface

Hall of Fame Super Silver

When traffic isn't flowing as

When traffic isn't flowing as we want it to, a handy tool is the packet-tracer. You can use if from the GUI but it's quicker and in most cases easier to convey from the cli. If you could please run the following and share the output:

packet-tracer input outside tcp 8.8.8.8 1024 <your outside address> 25

That will analyze the flow of a hypothetical packet from the internet (8.8.8.8 = Google DNS server used here - you an use any public IP address) coming into your ASA on tcp/25 (smtp).

336
Views
0
Helpful
3
Replies
CreatePlease login to create content