09-18-2018 03:29 AM - edited 02-21-2020 08:15 AM
Hello all,
I recently configured a Cisco ASA 5508-X firewall at my workplace but can't work out an issue I'm having with the NAT rules.
We have a couple of external IP addresses which I want to NAT to a couple of internal servers depending on the service.
For example, the way I currently have this set up is (different IPs):
object network Host_LDS-SV05_HTTP
nat (any,any) static IP_187-**-**-54 service tcp www www
object network Host_LDS-SV05_SMTP
nat (any,any) static 187.**.**.51 service tcp smtp smtp
object network Host_LDS-SV05_SSTP
nat (any,any) static IP_187-**-**-55 service tcp https https
I've then created an access rule which allows outside traffic into the network object Host_LDS-SV05 as long as the service is in the service group Host_LDS-SV05_Services_Allowed.
This doesn't work though. Is this the best way to do this? Any help will be much appreciated as I'm currently going round in circles. I've added a couple of screenshots of the access lists and NAT rules. Is there something obvious I'm missing?
General internet traffic is working fine using the nat rule:
nat (inside,outside) after-auto source dynamic any interface.
Many Thanks
Tristan
09-18-2018 04:54 AM
Hello,
Can you please attach a packet-tracer output:
packet-tracer input outside tcp 4.2.2.2 3344 <public ip> <port> det
Also, make sure you have an access-group configured.
Some syslogs would also help troubleshoot the issue.
HTH
AJ
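The following is an added, self-contained ASA configuration example (not taken from the original post or from AJ's reply) that puts the pieces discussed in this thread together: per-port static object NAT for one internal server on several public addresses, the inbound ACL that references the server's real address, the access-group binding, the after-auto outbound PAT, and the packet-tracer / show commands used to verify it. Everything address- and name-related is assumed: the internal server 10.0.0.5, the public addresses 203.0.113.51/.54/.55 (documentation range, standing in for the masked 187.x addresses), interface names "inside" and "outside", and the ACL name OUTSIDE_IN. The object names from the thread are kept. Interfaces are named explicitly instead of (any,any), which is the common practice for static NAT, but this example makes no claim about which part of the original configuration is at fault.

```cisco
! Added example, not the original poster's configuration. All addresses
! and the ACL name are placeholders (assumed).
!
! Mapped (public) addresses as named objects, as in the original post.
object network IP_203-0-113-54
 host 203.0.113.54
object network IP_203-0-113-55
 host 203.0.113.55
!
! One object NAT entry per public address/port. The real host is defined
! inside each object; the same real host may appear in several objects.
! Syntax: service tcp <real_port> <mapped_port>
object network Host_LDS-SV05_HTTP
 host 10.0.0.5
 nat (inside,outside) static IP_203-0-113-54 service tcp www www
object network Host_LDS-SV05_SMTP
 host 10.0.0.5
 nat (inside,outside) static 203.0.113.51 service tcp smtp smtp
object network Host_LDS-SV05_SSTP
 host 10.0.0.5
 nat (inside,outside) static IP_203-0-113-55 service tcp https https
!
! Outbound PAT for everything else, placed after the object (auto) NAT
! section so the static entries above are matched first.
nat (inside,outside) after-auto source dynamic any interface
!
! Inbound ACL. On ASA 8.3 and later the ACL matches the REAL (untranslated)
! destination address, so it references the server object, not the public IP.
object network Host_LDS-SV05
 host 10.0.0.5
object-group service Host_LDS-SV05_Services_Allowed tcp
 port-object eq www
 port-object eq smtp
 port-object eq https
access-list OUTSIDE_IN extended permit tcp any object Host_LDS-SV05 object-group Host_LDS-SV05_Services_Allowed
!
! Without this binding the ACL is never evaluated and inbound connections
! are dropped by the implicit deny on the outside interface.
access-group OUTSIDE_IN in interface outside
!
! Verification, one public address/port at a time. 4.2.2.2:3344 is a
! constructed source, as in AJ's reply.
! packet-tracer input outside tcp 4.2.2.2 3344 203.0.113.54 80 detailed
!   expect an UN-NAT phase mapping 203.0.113.54/80 -> 10.0.0.5/80,
!   an ACCESS-LIST phase matching OUTSIDE_IN, and Action: allow
! show nat detail               (untranslate_hits should increase per test)
! show access-list OUTSIDE_IN   (hitcnt on the permit line should increase)
! show run access-group         (confirms the ACL is bound to outside)
```

If packet-tracer stops at the ACCESS-LIST phase with a drop, the ACL or its access-group binding is the problem; if it drops before an UN-NAT phase appears, the static NAT entry is not matching the public address and port being tested.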