I have problems with SA540 and NAT. I’m trying to use three public IP addresses. One is for SA540, one is for Exchange-server and one is for Citrix server. I have read the SA540 Admin Guide and followed the instructions but the NAT doesn’t work. I can access the SA540 from the outside network but there is no connection for Exchange or Citrix servers from the outside networks. I have used Cisco ASA5505 before and they work just fine so I think I have some kind of knowledge about how these things should work. This is how I have done the Firewall rules (example is from HTTPS rule):
From Zone: WAN
To Zone: LAN
Action: ALLOW ALWAYS
Source Host: Any
Internal IP address: a.b.c.d (Exchange-server private IP)
External IP address: Other
Other IP address: e.f.g.h (Exchange-server public IP)
There is a bug written for the problem that you are seeing. It isn't resolved yet. I will let you know when this is resolved. I do apologize for the inconvenience.
The bug ID is CSCtc52591.
Thanks for your answer. We already got an ASA5505, which is quite familiar to me. But it would be nice if we get the SA540 up and running so that we can use it in the future.
Does this apply to all static NAT'ing on this device? Makes it pretty useless for anyone who has a server they need to expose. Can you do a PAT only without a one-to-one? I think this will be the last time I get burned by this Cisco SMB stuff. All these devices end up being overpriced subpar POS's.
As mentioned, this issue has a bug ID and will be addressed in the next revision of firmware. As of now, there is not an ETA on the release.
I guess the SA 520W has the same problem?
I just bought 2 of those and have no direct need for that feature, but I was planning on buying the SA540 for our main office for the SSL-VPN.
But for that one I need that feature.
Is there a place where we can check on updates on the bugfix? Or can we sign up for an alert when the new firmware comes out?
No command line access on these boxes?
As mentioned, there is a bugtrack that is only available at this point to Cisco employees.
The firmware for the SA540 is the same firmware for all SA500 devices so any issue with one platform will be carried across to the others.
There is no command line access to the SA500 devices.
I opened a case about this and they told me "there is no practice of presenting Beta versions of firmware to the customers" so no luck for me.
Who did you open a case with? What is your case (SR) number?
Let me look it up and make sure the case was submitted properly.
You may also call the STAC at 1.866.606.1866
Your case has been requeued to Case Management and the point of contact should contact you regarding the beta firmware.
Have a great weekend,
What's the status on this? It's completely ridiculous how long it is taking to get this issue resolved. I have one of these devices just sitting in my office waiting to get installed at a customer, but it's worthless to them without 1-1 NAT. Should I just return it?