Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

NAT problem in cisco asa 5505

Hi all,

I am using a cisco asa 5505 with base license. I have enabled 3 interfaces(inside/outside/dmz) on my firewall. As i am using a base license, my dmz interface is set as restricted interface where it can access outside network but cannot access the inside network. My dmz is hosting a web service accessible by external so i NAT one of the public ip to the dmz ip that my web server is using. However NAT fails to work, i had to change the dmz ip of my webserver, and change my NAT accordingly so that the same public ip is translated to the new dmz ip before NAT got to work. Why is this so? THere is only 1 machine in my dmz, and the dmz ip that failed to work as mentioned earlier was not use for any other NAT purpose in the entire config. i have clear the arp cache and it fail to resolve the issue and i eventually had to change the dmz ip of the web server. Pls advise. THks in advance.

1 REPLY
Cisco Employee

Re: NAT problem in cisco asa 5505

Not sure why the previous ip address does not work. Did you also perform a "clear xlate" after configuring the static NAT statement?

The issue could be related to ARP on other devices where the dmz server is connected to, and also on the ASA outside interface where the public ip address NATing happens. Did you also clear the ARP cache on the upstream router/switch where the ASA outside interface is connected?

407
Views
0
Helpful
1
Replies
CreatePlease to create content