Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

static nat on asa

Hi i need to change static association for a public ip to internal ip

right now i have following statment.

static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

it needs to be changed to

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

what should I need to do ?

do i need to add no statment to previous statement and execute new ?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: static nat on asa

Hi

yes you should do

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

then

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

You will then need to clear the xlate. Do not just enter "clear xlate" as it will remove all the xlates which will break all existing connections through the ASA.

Do

clear xlate global 66.xx.xx.xx

HTH

Jon

3 REPLIES
Hall of Fame Super Blue

Re: static nat on asa

Hi

yes you should do

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

then

static (dmz,outside) 66.xx.xx.xx

192.168.51.14 netmask 255.255.255.255

You will then need to clear the xlate. Do not just enter "clear xlate" as it will remove all the xlates which will break all existing connections through the ASA.

Do

clear xlate global 66.xx.xx.xx

HTH

Jon

Community Member

Re: static nat on asa

Yes you should put a "no" to remove the old statement then add the new statement. Ex:

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

static (dmz,outside) 66.xx.xx.xx 192.168.51.14 netmask 255.255.255.255

Cisco Employee

Re: static nat on asa

Hello

You need to first remove the previous entry

no static (dmz,outside) 66.xx.xx.xx 192.168.50.91 netmask 255.255.255.255

Also you need to add a new static

static (dmz,outside) 66.xx.xx.xx 192.168.51.14 netmask 255.255.255.255

Then you need to clear the stale arp and xlate entries

cl xlate

cl loc

cl arp

See if it helps !

163
Views
0
Helpful
3
Replies
CreatePlease to create content