https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585110#M203562 <P>I can't seem to get my firewall to allow ftp traffic to my dmz server.&nbsp; I want to be able to have ftp traffic hitting our outside IP address forward to our DMZ ftp server</P><P>&nbsp;</P><P>Access rule in DMZ; set to Source (external IP) destination (dmz server) service (ftp)</P><P>when I packet trace i get:</P><TABLE border="0"><TBODY><TR><TD><TABLE style="border-left-width: 1; border-color: #cccccc; border-right-width: 1; border-style: solid; border-top-width: 1; border-bottom-width: 1"><TBODY><TR><TD><P>nat (DMZ) 0 0.0.0.0 0.0.0.0<BR />nat-control<BR />match ip DMZ any outside any<BR />no translation group, implicit deny</P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><P>NAT rules are as follos</P><P>DMZ</P><P>static - source (DMZ server) interface (outside) Address (External IP)</P><P>&nbsp;</P><P>I also added and outside NAT rule</P><P>static source (external IP)&nbsp;&nbsp; interface (DMZ) Address (DMZ server)</P> Tue, 12 Mar 2019 05:06:59 GMT astutemed 2019-03-12T05:06:59Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585110#M203562 <P>I can't seem to get my firewall to allow ftp traffic to my dmz server.&nbsp; I want to be able to have ftp traffic hitting our outside IP address forward to our DMZ ftp server</P><P>&nbsp;</P><P>Access rule in DMZ; set to Source (external IP) destination (dmz server) service (ftp)</P><P>when I packet trace i get:</P><TABLE border="0"><TBODY><TR><TD><TABLE style="border-left-width: 1; border-color: #cccccc; border-right-width: 1; border-style: solid; border-top-width: 1; border-bottom-width: 1"><TBODY><TR><TD><P>nat (DMZ) 0 0.0.0.0 0.0.0.0<BR />nat-control<BR />match ip DMZ any outside any<BR />no translation group, implicit deny</P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><P>NAT rules are as follos</P><P>DMZ</P><P>static - source (DMZ server) interface (outside) Address (External IP)</P><P>&nbsp;</P><P>I also added and outside NAT rule</P><P>static source (external IP)&nbsp;&nbsp; interface (DMZ) Address (DMZ server)</P> Tue, 12 Mar 2019 05:06:59 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585110#M203562 astutemed 2019-03-12T05:06:59Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585111#M203563 <P>Hi,</P><P>Which ASA software version is in running in your firewall?</P><P>If you want the ftp traffic, which initiate from external network, redirect to FTP server, configure the below commands:</P><P>(<STRONG>ASA 8.2 &amp; earlier version</STRONG>)</P><P>1. Create static PAT</P><P>static (DMZ,outside) tcp interface ftp &lt;DMZ server ip&gt; ftp netmask &lt;netmask&gt;</P><P>2. Create an ACl to allow ftp from external network</P><P>access-list outside_inside extended permit tcp any any eq ftp (If you know the source address, you can mention the same here instead of 'any'. That is more secure)</P><P>3. Bind the acl in the outside interface with 'in' direction</P><P>&nbsp;access-group outside_inside in interface outside</P><P>Regards</P><P>Ejaz</P><P>&nbsp;</P> Fri, 21 Nov 2014 05:40:49 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585111#M203563 Ejaz Ahmed 2014-11-21T05:40:49Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585112#M203564 <P>Hi,</P><P>In Addition , you might also want to check for the FTP inspection based on which mode you are using ?</P><P>For Active , you would need inspection as per your setup.</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Fri, 21 Nov 2014 12:31:47 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585112#M203564 Vibhor Amrodia 2014-11-21T12:31:47Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585113#M203565 <P>Running ASDM 6.4</P><P>ran the above lines which makes sense however I'm getting dropped at the implied access rule</P><P>even though the rule allows outside access any to inside via ftp service</P><P>&nbsp;</P><P>@Vibhor I see under Object that there are 'Inspect Maps'&nbsp; however they weren't set.&nbsp; I ad one for ftp set to low but it still is dropping at the access rule</P> Fri, 21 Nov 2014 23:43:52 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585113#M203565 astutemed 2014-11-21T23:43:52Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585114#M203566 <P>Hi,</P><P>Can you give me the output of the packet tracer with the IP address information.</P><P>Thanks and Regards,,</P><P>Vibhor Amrodia</P> Sat, 22 Nov 2014 09:21:58 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585114#M203566 Vibhor Amrodia 2014-11-22T09:21:58Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585115#M203567 <TABLE border="0"><TBODY><TR><TD><TABLE style="border-top-width: 1; border-bottom-width: 1; border-style: solid; border-color: #cccccc; border-left-width: 1; border-right-width: 1"><TBODY><TR><TD>Config</TD></TR><TR><TD><P>nat (DMZ) 1 10.0.0.0 255.255.255.0<BR />nat-control<BR />match ip DMZ 10.0.0.0 255.255.255.0 outside any<BR />dynamic translation to pool 1 (184.188.XX.XX [Interface PAT])<BR />translate_hits = 0, untranslate_hits =</P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><P>NAT Rule : Source is internal DMZ.&nbsp; ENGftp is external IP provided by isp</P><P><IMG alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAnYAAABwCAIAAAAc8KqaAAAVZElEQVR4nO2dP2gbWbvGT+lyy5QxfM12V5Am5We4RQQurmGLDWyxCBeXsMXFpFjMbYxIcTEuFpFCiBQBuTAoxYK2MChNwCkC40IwKQxOkUKFCxUppnDx3mKcyej8mzMzZ+acM3qGH2Z0NDN632fecx6d0Uhm8TICAAAAgHWY8wgAAACATgKLBQAAABoBFgsAAAA0AhueDEPEuXAAgHZwPtpYh4icqwragd2uKDhgsQBsD8OT4eKaugQsdnuAxYINwn2LHW7kUKwwzvkn6hJByA6sAIsFG4Qy7HYpcihWGKdzU4TFgmrAYsEGoQy7XYocihXG6dwUYbGgGuz2KwVH0BbLvi/OI5ESyrDbpcihWGGczk0RFguqsV0W69zb8q/up8uGMuzWjNzKiejv9zls5XJ6dprhiWIO2SqLJaLVen31lUaf6MU72ntNvf+jn/6Xdv6knT9p94SentHRBS2WAZw4EC8jFn8lKSy3qLZxRTWLZYzReELjSfvexooW53WQUWHYHb5q5KLC8NUwpYnIGWOT8URcL0V/v0+5pabL5m319Ox0ej6dnk+5RssKB2SxHylPYYfKL9y+PqCTfZVMljT9TKef6PgDHV3Si3/o+QX1z+npG/r5jHZPaPQumX1MnJ8XYILWYqnHqFfTYsXd63u2ymL1PY2uGWOMDgdlLa2mBTLGBuNocv1jLJ5cPzAYR4Nx1Dus5fp2HbrssFvWCJs7rFuLTe4pfVjNZU/PTifjSUrqr5nRck85OddHL48ePd599Hi396T34o8Xds91/qSo4hQtdn13a0J6cp17qonFEtHtHR2/p+mSZ/KRjv+h5xf09IyOL2ixTI4v6lqsV+/sO0yRxY6NZrEPUzEfLHZMEhija0bXLBrLp4z6OWXakv9bTmLGeocTPYVR6Y9fql1PKaPKjNCuy1Y7YFmLTQffbKVCnJmn9vf76yRdmXIYHirz0dOz0+nbKUf+WVsimyvWe9Lb2e/3/hrtvV+c/j3b+/V5/1nB2wixQ5lUYzsWK53gtjzZlcq+uKH5khZLmn9ntqTZNU0/0uiShu/o4DUNxrRYJsO/k92XiUpw8y5QYQP9UAkkisVfKM+Gft8t9oegmxtze6meKmwpi8ZiaXNJ7ov9tbDa8s9WqyrGWDpnJaJ0RptOXvVTWMPXdWWxnL9adNkWLDb+Pnmt7K/xMurv95N7Wie0+ka3a4rvqL8/3bx0bOqyeROV4spij14e7ez3f/p7Prpbx0TRN4qJ9n59Pjgc6LWtEI/WYpM8+XO3vrsdHA4yFBa7sa90vU2ksg8vaXFD8880vabRRzp9T8NLOj5fH4+j4/P4+Dw+OIv3Xq5Gl3Twmn76lbfYsuJXs9g653c7YfGXJM+Ds2aMcw8Zv3G2C7fycJwfxixvqYyhxYr+qhpMC9+vZdtUe/smtdjUXw0tNv+Qi0HTrnmowtCopP5qy2Vbs9h0qWOx3yevGbzFpn8LD5W/GqyhfYvtPen1/hql/poxv0t6T3p6baUtXJ/iTkQpi2WMRfQwnR0cDtiHhH1I2PfZbea1eovNHmaNWSTca2WN+u25LZnCwqWyH13Q7Jpm13T6no7/oaMLOn6zGr27ir6tb4liSubr9ejd1fDtbe8V7fxnscVqpOY2k26vOSniyxm+qP6wnURhsWP2wDX7sc7Y4HBgYrHZSrYutpjANpdSFiv6K9NarFgH0hqqVhms9ixWGoAqMFWL9LAcJsOuxl8ru+zsYiYev9QRKty8oykJE/r7/XTyGn2lxRea32Se2k8nuOZXjEWLVU1nSwmSp5pijx7v7r1fcBYbEz39rz29sFyfKlulXJyaWWw6ec0sNn2YPctKWqymnWmNkwnWq5koS2UfvKXRR5p/psUNXX2lwZiGb66ib+s1UXJPq3uKiGZJMnxztfsy2Xu54gTXyCgdu0Rr1G+veTnplpoX1Z/ujiGz2GyhHhuzXq6hZYvNx2M+i00yfyXK/HV+Q3qL1deQSdnpVLY3i9UMXtL2bF/uWRWubneqb9vlZ7FDxhhj1SPv7/ejlXwWm9w/XD2OVrT4UjyRlVrs7GKWp8JNxRp/NVSs96R3NJ6M7tZ5l42+UeVZbGGLNM75hyQP25ytDg4HWW1nk9d0jpv2em5f8WHWmO8m3MZii2Z7cSWPVPa913T6nqbXNLumyTUdnMWjy+iW6IfF3idzotOP8dPDOFquOXnF3q0ZEGLBGvUDiOb8Sg+rf1GTgagzKN2OsR+fxeY/6tBPNJnCUMWWUi5rfqE4+2yMMRaNf8xfZ5+9s9j6s1iTdlWCKhzeUVxzWlzBYifjCWPDlArT2f5+P528zj7TdEmT641ZbMZsac1i07/lVFV/w81EscHhYO/3QWqxmcsev520bLGzD0keVnS7EzeL5fYVH+b/iu36Fumz4koeqew7f9LBa9p7TT+f0c9n9PRkNfkUR0S393R7TzEli+8WO72I6J5MBFdJLTbqj1B48FIvulWw+CaRwlmsZjPxYb5R1VIHjcVm955klj+/ebjx3TeLLTWLlfYEVWD6wUufgtsv7dS57Gweed5WM3Ot4LLiT0/096fr5GHyevWF0tpLrVd/KJXF5r8ma/0LsuZ3FJ+eTzOXPT2fHr086D3paVzWjcUK9zpln8WqLJYzQrcW++Id/fTfCft1zX5P2G/Jo99vR5fRgmhxn1zdJ4v7ZH6fzIhGl9HtzcpQcJXUsTCkFG6vP3jZF9Ufv0toLfb7UtZiud1VLU1YbHZ17uorLbLpxZIm1wUWuxGe0MhVZNnikFqsySyWC4lr5ypV3Fiajj5U59+LrfyxrmHkqZVm5lrHYkX6+9PbO34WW8diZxez9Dcopucb3+GxI7XxuX7+2/PUUx893k2rKLocTc+nqm/vqEZ86QirqvN8nBKLvdxdvPr+9+52fThYPGbrwwHXzmQWmy1Sr+We5VqYMAmWPiuuFFosEa3WdHv3wHqdTC+i6ZfVnGhONCOaE02+rEZvFsk3/kuxUulEYaUDWv7saAYQ1cupRifVyGM4EHUGFt0kKvLXhzWbtY/GYuO7B3/NX75LYfXubamlcqVZrBOqfS/WcgxN3u7Eeap1i81qLys8K7PYH9NZFxbLcfDLwcEvB+v1Yno+baFP2Z3FVkZqltUwkZ2IVl9Xw7P55FM8+bKafl0dX8wHv/WjyyEl+GmnYNBZrLdU+3Un3yy2cBbrhArfi20kjPKHrWax8ffrxlZqQ/zpCfPfoJC46ebk1eEslmP+97z/rN9/1l+vF48e79o99dI4Z++TPIU9nev13O6lyI5T5yAchrIT0e3Navp2MXw1Hb1ZDF9N9/61c/WaxR+P4LKhwKLPSXBo7uAo/GahG5UZS6etHKHPYr2i7GexWTE4LAwNqi/ttP9ZrJTp+fTgl4NHj3fnf8+blkK02Nn7xORrxBkW3bFNi02he6IkofuEiKJP0fB/+vH5TvS+qZ+xBHbpmsX6SeEbbecRZmyDxcbLyENP9Vwxt3HO3q+7RGXZU5cdPNsdPGv84gGwAiwWbBDKsNulyKFYYZzOTdETiwXBAYsFG4Qy7HYpcihWGKdzU4TFgmqw6PM6OGCxzRHKsNulyKFYYZyzy3WXCEJ2YAUWLdfBAYttjlCG3S5FDsUK43RuirBYUA1YLNgglGG3S5FDscI4nZsiLBZUg3H/jiMUnAsHAGgH6uLiXFXQDh59XQQAAADoErBYAAAAoBFgsQAAAEAjsNFfpwAAAACwzsa/WwcAAACALZjrG+sky96/91yHEMwCrbD4vKA+sWznklU+I89uHx+eDNPgnEfiP9AK+AzqE2wn+cqHxQYMtAI+g/oE2wkstiNAK+AzqE+wncBiOwK08gGv/t2vV6A+PaF+iaLISwGL7QjQygT9/70v215ny20D9VkNtrlYOWCp9jpbghgW2xmgVSH5oaGhYQKjjwrUZx0s1hUstmVgsR0BWukRx4W0Rfwbb04d8s+KkwmuBaOPCtRnHcR3h2Ktcg9VVVq4o/Sh6sigEFhsR4BWejQWyxmkajjTT4LFbUAe1GcdRKtTbaMxY/FQ+h1NngWFwGI7ArTSYz6ylLJY6XwXiKA+66BxOE0Fim8iY7PSZZuLPgCgBxbbEaCVniYstnDGADJQn3XQTzHz65pnyxazSQCgEFhsR4BWhajey3ONsNgmQH3Wob7FxuWL2fCwQA8stiNAKxPy176yFnFdepWs7NU2kAf1WQe9ceqv6HI1ryrdrIV7VvVCwBBYbEeAVk2A0cQWqE+wnTRisbbe0bvqlmxzcX6SfNaqk4R16oMA9Qm2E1hsQRahgCEM+AzqE2wnli2WCYut4NpH/4mdNEeHsx8MYcBnUJ9gO7E/i7V434fnFlvY0iaZVsOTIQAegvoE20lW+bBYpcWKeennta4sFgAAgJ/UtVi7V4lDtFgncXJaYam5eCKjJ2FYXLqXUXPLNmvVvdyzjOx8FmvRbLyy2Lj8peM2catVZ/BERk/CQEbQCrlbzAgWK8lF1YLbnTqJJzJ6EgYyglbI3WJG+OkJHdLrxv7glVbh4omMnoSBjKAVcreYESxWByx2G/BERk/C2LaMPPm9kTa10l+r63bu7WcEiw0Yh1o5vI+6BRmrZVfzg/maZ7PmGWniPDZXn/pMzXPxp3qta1VKn6At1vPKh8UGjCut/BmYGpKxmlnWlKXO2fTzjDRan5qUYbHx1lisP2dQlREsNmC8sljujaTq7uv8Btz2/tw1pvqAQH+zG7fe5tk0PyNieM2dl3YsVpzEFD7M/9Un21qV2tVK1Q1V6UhrozU1ul35sNiA8eFCcfYw/5SqRbq9dGO3MkrD0+dYPwtbl8s0Z6TwfHmVUWG++lzK6iAevM0qbdpi6/TQQjXc5u555cNiA8YHrUzsRz/wxZvvpn22WC5ILlpPDEkTrebEqbapc148sViNDpp8ravRplaiOBV6aGG12xKh25UPiw0YH7Qy7K7SFtVD5zLq+6SoQGGC1cKwdUZMktIMRhaFtUgp81AlpV9vs0otasWExVAlkwJuwmi7Xfmw2IDxQSvrFtu+3Rre7lQYf6m9xDSbG2hMhp7CgcbhmwZNmoVZlH22OTVa08qwOKspU/jQYe5+Vj4sNmAc3u6Uf4PMNao2E4s4v724u0MZpQmaxCwm247FmpwRk4HG7nlp50s7miwKdVCd3ybUaE0rManC7EQlC3O3KEW3Kx8WGzDQqksyehIGMoJWyN1iRrDYgIFWXZLRkzCQEbRC7hYzgsUGDLTqkoyehIGMoBVyt5gRLDZgoFWXZPQkDGQErZC7xYwYEQ1Phl6RBuc8jCCAVl2S0ZMwkBG0Qu62MmJ7/94DAAAAgHUY0QoAAAAA1oHFAgAAAI0AiwUAAAAawQuLZcyLMAIKzIest1McAAAw58coqbk5SrJbbuEaxYdscxEPJR5Tuln+Kf34zoVRXZ3aLiI9giZNa+e1lazhsgAAoGHDYkm2qCxWXNc7rrijuLsySoPjmD9bQp16x1GZqK13AA0BiwUAACtYsNjsoeqvai8yNhvNpLbwoWobVeRiu3Rfw2loocXqX73wdblMxfcrTWcNlwUAABXtWWyh2UgdRXxWczTN62q2lx7T0ISK9a1nsZrjiHaoj7yhrGGxAACggrdYtrlUsFjpiriLplHTLr5W1pj34FIWq1nP/orHN7QWc4vVyMg1SjMta7G2sobFAgCACvuzWP2K/jiF7eJrSdetW6xq30KDsWuxmpYmLNYka1gsAACosGCxGh/VD9aq45js4spi9e6oP75JppXzatRiDYMEAACQp7rF5i8hZo3iZtzG+iuNmm2kL5f3FW6DbF3cRvXq4nFU+5rkXjYdqRriuiZCTnNXWQMAAEjZsFjz78XajKATw7SVLIKTIriAAQCgTeRDZNO2ygcR+EhtK/6wdAgrWgAAaB+MkgAAAEAjeDGLBQAAALoHi5cRAAAAAKzDdv71QmR4MpS2t0O8jBy+elhAqy7J6EkYyAhaIXdbGcktdsepy3ZPbmjlOZ7I6EkYyAhaIXdbGQU2i2WHPbruOZfPH7pXmtssoydhICNohdxtZRTYLBYWW6jVaDxR4Txab/Gkh3sSRhAZEZHz7JrWanv6cocrv+4stolCh8XW0Wo0nkh/pYsx1r2e2ZyMQYeRnnHn6ZTNSBOz+JQnCTaq1fb05Q5Xfq1ZbEP52LLYfFHuFPXJ/LOenKRqWqXdkm0u0XWk6ZacUPlG8SHX21Xbh4VvFjugQSGqg3hVybYstubGQWC9L5tLJO7VsrwdrvzAZrHmlH3b6/yU2NIq65aj8YQxYoxMuqW4buKgsNiGwjAZaFRjjZ8DzU5uHFfFKW4gjviif5S1E2+x3pfNKTtaNpd79yq/7mexTVvsz39OUh7C3ZzFcs/qA9P3TH1/dnu2DLVKyb3zpWrdMi+C+Fe6lzhuaoZC0ZidK+yhxbL/YCnpmJKt5xulYw1XyeJ6m2pnGYnVYtJSZ5fgaKIv7xT1O2nX3mm9cjpc+QHMYjUWyz2rUVwTqknv9RZbF5dUgoh/NbtIV4JQ2EOLTccUbiVb14w1qtPkxI3qWKzhLk4G0Ea1yrDyoU81GVuunA5Xvu+z2J0aFssFKbqCvqSC6LGqbhldRxzVLFa6otpFv7GqYzvXUCqj2zD0A03+4YAGvfFGj/BzoKn2lovrnoF20rJaZdTvy3WUL1xvIvfuVX6XZ7FckHrRA+29nFaau/xH44mqZ5a1WM2bFcO3LNy6c6nDsljNKKPXWXXGW8ioco8zt1jnVWRLqxQrfbmy8n5abIiVb+GOYutBWx/vtspiube9z/94/vyP51cfrq4+XJl0S5WPamTRO3Sh/j5I7bnFcp9IaUYZjc5uB5od2XDBvS3LWsSNuQ3EXZyXkF2tdmz0ZbElOIvtQOV39tedxK64k+vA0g3y3ZvbxqEapbQSu2X6nrewW0q1EjfjNpb2T3EzveA+yOunxeqRjjLS06E6I9sjbBBY78ti91R1RmlJtFk5Ha58/LpT2IjdkmmX1r6xrnJoP/HECbIweuNeIfXPyPYIGwRO+rJJVbRQOR2u/M7OYreEUj+61uZPr8FifQsDFus5bfblUrO6Ni22CXy02B3MYgMBQ1iXZPQkDGQErZC7rYwCm8UCaNVhGT0JAxlBK+RuK6PAZrEAWnVYRk/CQEbQCrnbyojFy0hkeDKUtgMAAADAEEaKZXgyVD3V9BIvI1cvHdwCrawsnsjoSRgWl+5l1NyyzVp1L/csI7nFOvRX6qLczS3QysriiYyehGFx6V5GzS3brFX3cs8y+n+mXsnjgtzcvQAAAABJRU5ErkJggg==" /></P><P>outside (incoming rule)</P><P>any , any&nbsp; for ftp</P> Mon, 01 Dec 2014 21:54:39 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585115#M203567 astutemed 2014-12-01T21:54:39Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585116#M203568 <P>You could also run a packet capture between the outside and inside interfaces.&nbsp; If you see the pack enter the outside interface, leave the inside interface, but you never see the return packet then you should check the server settings and the network between the ASA and the server for issues.</P><P>Refer to the following link for instruction on running a packet capture:</P><P><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html</A></P><P>Also, I noticed in your original post that you have a NAT 0 statement matching all traffic from the DMZ.&nbsp; Is there a reason for this?</P><P><STRONG>nat (DMZ) 0 0.0.0.0 0.0.0.0</STRONG></P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Tue, 02 Dec 2014 08:31:09 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585116#M203568 Marius Gunnerud 2014-12-02T08:31:09Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585117#M203569 <P>to be honest I couldn't tell you about the NAt dmz.&nbsp; This was already configured and there weren't any notes as to why</P> Fri, 12 Dec 2014 21:12:09 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585117#M203569 astutemed 2014-12-12T21:12:09Z https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585118#M203570 <P>Do you have public IPs configured in your DMZ? The reason I ask is because NAT 0 will be matched first.&nbsp; So, If you have public IPs configured in your DMZ you will be ok.&nbsp; But if you have private IPs then you would run into problems.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Sun, 14 Dec 2014 00:02:54 GMT https://community.cisco.com/t5/network-security/asdm-6-4-nat-failure/m-p/2585118#M203570 Marius Gunnerud 2014-12-14T00:02:54Z