Hi everyone!
We got a Cisco ASA 5512X recently to replace our aging ASA 5510. We're intending to use this as the edge device between our network and our ISP's. Our ISP told us to use 12.226.xxx.18/29 as the device's outside address and mask, with a gateway of 12.226.xxx.17. The ISP also gave us the range 12.35.xxx.97/27 to use for our public servers.
I setup static NAT rules for several servers on our inside interface, so that they'll have public IP addresses, and then there's a dynamic NAT rule so that all other devices will simply use the ASA's outside IP address when accessing the Internet:
| Partial NAT Rules |
|---|
object network Skyward host 10.60.254.80 nat (Inside,Outside) static 12.35.xxx.98 object network AHSWS01-Support host 10.60.254.90 nat (Inside,Outside) static 12.35.xxx.101 object network AHSWS02-Sharepoint host 10.60.254.93 nat (Inside,Outside) static 12.35.xxx.100 ! nat (Inside,Outside) after-auto source dynamic any interface |
However, what I'm noticing is that when we attempt to swap this device inline, all of the servers which have NAT rules setup cannot access the Internet, nor can they be accessed from the Internet. However, all of the devices without static NAT rules (thus using the dynamic rule) are able to get online without any issue. I've compared the config of this device with our old ASA 5510 (which is running ASA Version 8.0(5)), and didn't find anything that stood out that would be causing this issue.
Is there a step I might've missed, or perhaps something I'm misunderstanding about how NAT works in ASA 8.3 and later? Any help would be greatly appriciated.
Cheers!
Joey
