Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static Nat help

Hi...

We are usinng an ASA 5520 as a front end firewall and an ISA server as a back end server. The latter is connected to the inside interface of the ASA. All the LAN PCs are connected to a second interface on the ISA. The design looks like this

Internet<---->ASA<----->ISA<------>LAN

Our ISP supplies us a range of public IPs, x.x.x.1/224 to x.x.x.31/224.

In order to let clients access the Internet, I only do a static nat for the ISA server external interface, since we use it for http traffic and email hosting.

My question is that Static Nat works when the mapped public ip is the same as the ASA Outside interface, i.e. x.x.x.3. If I change the static nat statement to any othe public IP, example x.x.x.29, all connections are lost.

Is there any reason for this behaviour.

One other issue is that while static nat is functioning, I can send email messages but cannot receive any, couldnt find a solution yet.

All help is appreciated

We use ASA 7.2. Nat-control is not configured

Thanks.

3 REPLIES
New Member

Re: Static Nat help

i have seen this when the isp does not allocate the right IP block to you. your first step would be to confirm with them 100% that this is your block. secondly, can you post "show run static" and "show run access-list"

many thanks

New Member

Re: Static Nat help

One other issue is that while static nat is functioning, I can send email messages but cannot receive any, couldnt find a solution yet.

Have you verified the inspect (smtp or esmtp)configuration ?

New Member

Re: Static Nat help

Thanks for the responses,

I have removed esmtp from the insppect list. I am thinking to nat the ISA servers external IP to one from my pool, while keeping the current static mappings.

I will test it today and post the configs.

Thanks

132
Views
6
Helpful
3
Replies
CreatePlease login to create content