Currently traffic is not reaching the external host, and when I perform a packet capture on the inside interface I see no traffic leaving (194.x.x.1); however, I do see traffic arriving on the inside destined for the server (10.x.x.156).
When I run packet-tracer I get the following error:
NAT Exempt, rpf-error, Action -Drop.
I have tried adding the hosts to the no-nat rule...
Any ideas? I can't understand why the static does not take precedence; it is seen as a translation first.
So in your case the real source interface is "outside" and the mapped interface is the "inside" and the mapped IP address is the private IP address and the real IP address is the public IP address.
I am not sure if this corrects your problem yet. If you are using "packet-tracer" to test then you should see the traffic from "inside" match the "static" rule in a NAT Phase (UN-NAT) at the very start. It should also match a Dynamic PAT rule in a later NAT Phase.