Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA NAT Problem

I am in the process of rebuilding a config from a 5510 to a 5512.  The config on the 5510 is running 8.4(2) and I'm loading it onto a 9.0(3).

I've got several things setup, but I'm running into problems getting the External to Internal static NATs working.  Here is a sample of the code I'm using (This server hosts an FTP server):

object network server1
 host 172.x.x.100

object-group service passiveFTP tcp
 port-object range 35000 35049

access-list INTERNET extended permit tcp any object server1 eq ftp
access-list INTERNET extended permit tcp any object server1 object-group passiveFTP 

object network server1
 nat (inside,outside) static ex.ter.nal.ip

access-group INTERNET in interface outside


Am I missing something that is different in 9.0?

Everyone's tags (1)
CreatePlease to create content