Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static translations not working

I have configured some static translations for my new ASA 5510 which is on our new internet ciruit. For some reason, I see hits on my acl but get no response from internal hosts. I get hits on my inbound acl but still no response on the other end. Anyone have any ideas to help me? I called cisco and according to TAC my configuration is correct. I'm not sure what to do.

6 REPLIES
Bronze

Re: Static translations not working

do you mind posting the relevant config and also the sh xlate? Have you used ASDM to trace the packets?

New Member

Re: Static translations not working

static (inside,outside) tcp 66.x.x.67 smtp 192.168.0.x smtp netmask 255.255.255.255

static (inside,outside) tcp 66.x.x.67 www 192.168.0.xwww netmask 255.255.255.255

static (inside,outside) tcp 66.x.x.67 https 192.168.0.x https netmask 255.255.255.255

static (dmz,outside) tcp 66.x.x.68 www 66.x.x.68 www netmask 255.255.255.255

static (dmz,outside) tcp 66.x.x.68 ftp 66.x.x.68 ftp netmask 255.255.255.255

static (inside,outside) tcp 192.168.0.x 3389 66.x.x.69 3389 netmask 255.255.255.255

global (outside) 1 interface

global (dmz) 1 interface

access-list inbound extended permit tcp any host 66.x.x.67 eq smtp

access-list inbound extended permit tcp any host 66.x.x.67 eq www

access-list inbound extended permit tcp any host 66.x.x.67 eq https

access-list inbound extended permit tcp any host 66.x.x.68 eq www

access-list inbound extended permit tcp any host 66.x.x.68 eq ftp

access-list inbound extended permit tcp any host 66.x.x.69 eq 3389

PAT Global 66.x.x.67(25) Local 192.168.0.x(25)

PAT Global 66.x.x.67(80) Local 192.168.0.x(80)

PAT Global 66.x.x.67(443) Local 192.168.0.x(443)

PAT Global 66.x.x.68(80) Local 66.x.x.68(80)

PAT Global 66.x.x.68(21) Local 66.x.x.68(21)

PAT Global 192.168.0.213(3389) Local 66.x.x.69(3389)

I'm not too concerned about the DMZ right now I'm just trying to get the rest working first.

Bronze

Re: Static translations not working

I will start by fixing your last static entry.

Bronze

Re: Static translations not working

I am going to assume that you have nat (inside) 1 configured as well?

Can you access the Internet from that ASA?

New Member

Re: Static translations not working

Yes and the last static entry isn't a concern to me right now. The first few are.

Bronze

Re: Static translations not working

I surely understand your frustration. From what you posted, your config looks good to me as well. Is your inside switch using PBR? Could please post your sh access-list?

regards,

162
Views
0
Helpful
6
Replies
CreatePlease to create content