https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927135#M156974 <P><SPAN>[@ryan.lambert]</SPAN>&nbsp;&nbsp;</P> <P></P> <P>Please take these below packet-tracers:&nbsp;</P> <P>#packet-tracer input outside match icmp 8.8.8.8 8 0 &lt;server_public_ip&gt; det</P> <P>#packet-tracer input inside &lt;server_private_ip&gt; 8 0 8.8.8.8 det</P> <P></P> <P>You can try also take captures on ASA inside and outside interfaces to see if traffic reach and left the ASA:</P> <P>http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html</P> <P></P> Mon, 18 Jul 2016 06:03:26 GMT Dina Odeh 2016-07-18T06:03:26Z https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927133#M156972 <P>Hey all,</P> <P></P> <P>I have a server that is NATed from a private address to a public address (static 1:1), and while inbound traffic to it works, if it tries to browse the internet it cannot. Other things on the internal 10.x.12.x network can browse just fine, unless they also have a static NAT. Name resolution works fine.</P> <P></P> <P>This definitely seems related to NAT, but not sure what. There's a lot of cruft in this config that needs removed, but I'll post it here. Most of this looks like leftovers from an upgrade/translate.</P> <P></P> <P>Doc attached. Any ideas why static NAT hosts can't get out, but inbound works fine?</P> <P></P> <P>Thx.</P> <P></P> Tue, 12 Mar 2019 08:01:27 GMT https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927133#M156972 ryan.lambert 2019-03-12T08:01:27Z https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927134#M156973 <P>Should note:</P> <P></P> <P>The host with the static NAT is found on interface "inside". Probably relevant info. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 14 Jul 2016 19:36:56 GMT https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927134#M156973 ryan.lambert 2016-07-14T19:36:56Z https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927135#M156974 <P><SPAN>[@ryan.lambert]</SPAN>&nbsp;&nbsp;</P> <P></P> <P>Please take these below packet-tracers:&nbsp;</P> <P>#packet-tracer input outside match icmp 8.8.8.8 8 0 &lt;server_public_ip&gt; det</P> <P>#packet-tracer input inside &lt;server_private_ip&gt; 8 0 8.8.8.8 det</P> <P></P> <P>You can try also take captures on ASA inside and outside interfaces to see if traffic reach and left the ASA:</P> <P>http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html</P> <P></P> Mon, 18 Jul 2016 06:03:26 GMT https://community.cisco.com/t5/network-security/server-w-static-nat-can-t-browse-internet/m-p/2927135#M156974 Dina Odeh 2016-07-18T06:03:26Z