Unable to access server from static NAT

Alex Chan
Level 1

%ASA-session-6-302021: Teardown ICMP connection for faddr 192.168.1.109/0 gaddr 192.168.1.4/0 laddr 192.168.1.4/0
I have upgraded my ASA from 8.0 to 8.2.

However, none of the static NATs are working. The outside_access_in access-list has no hits at all. Please help.

8 Replies

mirober2
Cisco Employee

Hi Alex,

Can you post the config? That would help us identify where the problem lies.

-Mike

I have attached the config file. Please check.

Hi Alex,

Which static statements aren't working? I tried to connect to a handful on TCP/80 and they all seemed to go through.

-Mike

It is because the primary firewall, with the old 8.0 version, is still in production.

I am updating the standby firewall and testing tonight.

But I failed to access any of the NATs, so I have put it offline for now.

Dear Support:

static (inside,outside) 210.177.218.1 192.168.1.23 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.2 192.168.1.24 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.3 192.168.1.11 netmask 255.255.255.255 dns
static (DMZ,outside) 210.177.98.33 192.168.41.63 netmask 255.255.255.255 dns
static (DMZ,outside) 210.177.98.35 192.168.41.62 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.4 192.168.1.51 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.11 192.168.1.20 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.12 192.168.1.18 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.16 192.168.1.19 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.17 192.168.1.48 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.18 192.168.2.16 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.19 192.168.1.81 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.20 192.168.1.17 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.21 192.168.1.26 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.22 192.168.1.37 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.23 192.168.1.52 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.24 192.168.1.54 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.36 192.168.1.53 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.38 192.168.1.27 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.39 192.168.1.65 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.40 192.168.1.30 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.42 192.168.1.3 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.43 192.168.1.71 netmask 255.255.255.255
static (inside,outside) 210.177.98.37 192.168.1.92 netmask 255.255.255.255 dns

None of them can be pinged or accessed via the Internet.

Hi Alex,

Is this on the 8.0 or 8.2 unit? They cannot run simultaneously with the same config since the upstream router's ARP table will not be correct and won't know which firewall actually owns the public addresses.

-Mike

Dear Support:

The 8.0 unit is in production now. The 8.2 unit is currently offline. But I am wondering if there is any wrong configuration I have made in the 8.2 unit, per the attached file I sent, since I can't get any of the NAT servers up.

Thanks.

Hi Alex,

I assume the 8.0 unit and the 8.2 unit have the exact same IP address and static NAT configurations, correct? And when you initially tested, you just swapped the 8.0 unit with the 8.2 unit and tested the NAT, correct?

The reason the static statements were most likely failing is because the upstream device (probably the ISP router) still had the IP addresses of the statics associated with the MAC address of the 8.0 unit. To resolve this issue, you can simply clear the ARP cache on the upstream device (clear arp-cache) if you have management access to it, or you can simply reload it to clear the ARP cache as well.

Therefore, please try the following:

-replace the 8.0 ASA with the 8.2 ASA (I am assuming both devices have the exact same IP address assignment and configuration)

-clear the arp cache on the upstream device either with the command "clear arp-cache" or reloading the device

Hope that helps.
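The stale-ARP condition Mike describes can be checked on the upstream device before declaring the swap complete. The following is an added Python example, not code from this thread or from Cisco: it parses static statements in the same format Alex posted and an IOS-style "show arp" output (a constructed sample with hypothetical MAC addresses), then reports which mapped public addresses still resolve to a MAC other than the new unit's.

```python
import re

# Constructed sample: a few of the static statements from the thread.
STATICS = """\
static (inside,outside) 210.177.218.1 192.168.1.23 netmask 255.255.255.255 dns
static (inside,outside) 210.177.218.2 192.168.1.24 netmask 255.255.255.255 dns
static (DMZ,outside) 210.177.98.33 192.168.41.63 netmask 255.255.255.255 dns
static (inside,outside) 210.177.98.43 192.168.1.71 netmask 255.255.255.255
"""

# Constructed "show arp" output from the upstream router; MACs are hypothetical.
UPSTREAM_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  210.177.218.1           5   0011.2233.aa01  ARPA   GigabitEthernet0/0
Internet  210.177.218.2           0   0011.2233.bb02  ARPA   GigabitEthernet0/0
Internet  210.177.98.33          12   0011.2233.aa01  ARPA   GigabitEthernet0/0
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>[\w-]+),(?P<mapped_if>[\w-]+)\) "
    r"(?P<mapped>\d+\.\d+\.\d+\.\d+) (?P<real>\d+\.\d+\.\d+\.\d+) "
    r"netmask (?P<mask>\d+\.\d+\.\d+\.\d+)(?P<opts>.*)$"
)
ARP_RE = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I
)

def parse_statics(text):
    """Return one dict per ASA 8.x 'static' statement (mapped = public address)."""
    return [m.groupdict() for line in text.splitlines()
            if (m := STATIC_RE.match(line.strip()))]

def parse_arp(text):
    """Map IP -> lowercase MAC from IOS 'show arp' lines; header lines are skipped."""
    arp = {}
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            arp[m.group(1)] = m.group(2).lower()
    return arp

def check_arp(statics, arp, new_fw_mac):
    """Classify each mapped address: 'ok' (new unit's MAC), 'stale' (another MAC,
    e.g. the replaced unit), or 'missing' (upstream has not learned it yet)."""
    result = {}
    for s in statics:
        mac = arp.get(s["mapped"])
        if mac is None:
            result[s["mapped"]] = "missing"
        elif mac == new_fw_mac.lower():
            result[s["mapped"]] = "ok"
        else:
            result[s["mapped"]] = "stale"
    return result
```

Any address reported as "stale" is exactly the case where "clear arp-cache" on the upstream device is needed; "missing" entries simply have not been learned yet and should appear once traffic flows.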
