We are migrating from PIX 6.3 to ASA 9.1. Having issues with NAT and hoping someone can help.
Existing PIX-
access-list CUSTOMER permit ip any 202.x.x.z 255.255.255.0
access-list CUSTOMER permit ip any 202.x.y.z 255.255.255.0
nat (inside) 1000 access-list CUSTOMER 0 0
static (inside,outside) DMZHOST1 INTHOST1 netmask 255.255.255.255 0 0
static (inside,outside) DMZHOST2 INTHOST2 netmask 255.255.255.255 0 0
static (inside,outside) DMZHOST3 INTHOST3 netmask 255.255.255.255 0 0
static (inside,outside) DMZHOST4 INTHOST4 netmask 255.255.255.255 0 0
Our failed ASA attempt-
object-group network CUSTOMER
network-object 202.x.x.z 255.255.255.0
network-object 202.x.y.z 255.255.255.0
object-group network DMZHOST1
network-object host DMZHOST1
object-group network DMZHOST2
network-object host DMZHOST2
object-group network DMZHOST3
network-object host DMZHOST3
object-group network DMZHOST4
network-object host DMZHOST4
object-group network INTHOST1
network-object host INTHOST1
object-group network INTHOST2
network-object host INTHOST2
object-group network INTHOST3
network-object host INTHOST3
object-group network INTHOST4
network-object host INTHOST4
nat (inside,outside) source static INTHOST1 DMZHOST1 destination static CUSTOMER CUSTOMER
nat (inside,outside) source static INTHOST2 DMZHOST2 destination static CUSTOMER CUSTOMER
nat (inside,outside) source static INTHOST3 DMZHOST3 destination static CUSTOMER CUSTOMER
nat (inside,outside) source static INTHOST4 DMZHOST4 destination static CUSTOMER CUSTOMER
We are getting hits on the ACL and hits on the translations but the customer can't connect.
Any help is appreciated.