Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA 5510 problem - Static NAT not working

Hello,

We are currently in the process of replacing our Novell Bordermanager server with an ASA 5510.

I am new to this, though I have set up the unit according to the documentation. Dynamic NAT appears to work, however the static NATs i've created do not work.

Currently, access lists are set up to allow everything through. During testing, the WAN router was set to point to the security device IP as the gateway for all traffic not destined for the WAN.

I've also tried disabling the Bordermanager server and setting this device to the same public IP it had just in case the internet router (which is managed by the IP) was pointing to the Bordermanager servers IP, and it still didn't work.

NAT control is disabled.

Does anyone see anything wrong with my configuration, or can point me in the right direction for troubleshooting the issue (we've tried a number of things but, being inexperienced with Cisco security devices and network infrastructure in general, we haven't had much success in determining the problem)

My configuration (with some things censored for confidentiality reasons) is attached.

2 REPLIES
Cisco Employee

Re: ASA 5510 problem - Static NAT not working

Hi,

Just a random thought - Do you think the external MAC of your Bordermanager might be cached with the IP address on the ISP router, if so, then - you might want to ask them clear the arp entries or wait till it clears automatically or if you have access to that device - just pull the power - wait for a minute - plug it back in.

I do not see anything on the ASA config that would be a problem.

Everything is configured correctly.

Thanks

Gilbert

Cisco Employee

Re: ASA 5510 problem - Static NAT not working

ok first thing...are you getting hit counts on the access list for those public IP ?

If not then traffic is not reaching the FW for those public ip, check on the upstream router..

392
Views
0
Helpful
2
Replies
CreatePlease to create content