
New Member

Static NAT Problem

I am trying to map a public IP to a private virtual IP on the load balancer, which forwards the traffic to web servers.

I have done all the necessary configuration on the ASA, but the web service is still not accessible from the internet.


Outside IP:

Inside IP (VIP):

static (inside,outside), netmask

access-list outside_in extended permit ip any any

access-group outside_in in interface OUTSIDE

The web service is accessible locally on IP. While I am accessing via the public IP over the internet, I can see the following in the 'sh conn' display:

TCP out in idle 0:00:02 bytes 0 flags AX

What could be wrong? Please assist.


Re: Static NAT Problem

Does your load balancer have a default route going out?

New Member

Re: Static NAT Problem

Yes. The default route is present.

I didn't mention earlier that the ping to the public IP over the internet is successful. I have also configured the load balancer for ping requests.

Any other clues?

Re: Static NAT Problem

When the NAT translation dies, what is the byte count? I assume you have hit counts on your ACL?

New Member

Re: Static NAT Problem

Yes. There are hit counts on the access-list for every hit via the browser. Something like 0xd1647829.

Re: Static NAT Problem

Maybe a packet capture between the two (or on the PIX/ASA) will shed some light. From the firewall you can ping the VIP, correct?

New Member

Re: Static NAT Problem

Yes. I am able to ping the VIP from the firewall.

I will try the capture tomorrow. In the meantime, any other suggestions will be great.