I have a strange problem I hope someone might just know the answer to, before I start with TAC. I have an inbound static NAT for a web server on the inside network of a corporate office. It's a test server for a small internet startup. The outside access to the server works fine with the following:
access-list acl_outside permit tcp any host <PUBLIC IP B> eq 8080
There is also a dynamic PAT for all outbound traffic on PUBLIC IP A, which is also the outside interface address.
So, browsing to http: // PUBLIC IP:8080 works from the outside just fine, but users on the inside network get nothing when trying to browse http: // PUBLIC IP:8080
I did a capture on both the inside and outside interfaces. You can see the S packet go through from the client IP (on the inside network), but nothing ever shows up on the outside interface, nor are there ever any acks. Additionally, there is no traffic to the INTERNAL HOST. This tells me that the client IP is never NAT'd, nor is there a sync issue (the INTERNAL HOST never sees to the request to send an ack to the client's real ip). Where is this traffic lost? Is it an ACL issue? I've tried to add an ACL to the internal interface, but it doesn't seem to matter. Anyone got any ideas?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...