i have an intressted problem with my ASA 5510 CSC
i configured many firewalls till yet and i configure the normal static often times but this time it is not working as assumed.
Cisco ASA 5510 in failover
Public Network: is a x.x.x.128 /28
the two ip's that are configured on the outside(.130 &.131) are working fine with pat and static etc.
but when i configure the third public ip in the subnet with a static
static (inside,outside) x.x.x.133 172.x.x.x netmask 255.255.255.255
it is not working
the firewall has an default route to the ISP Router x.x.x.129
Here a capture
fw-001(config)# sh run access-list vpn
access-list test extended permit tcp any host x.x.x.132 eq 3389
access-list test extended permit tcp host x.x.x.132 any eq 3389
fw-at-klu-serA-001(config)# sh capture
capture vpn type raw-data access-list test interface outside [Capturing - 0 bytes]
i try to access a server with rdp from the outside but no hit.
when i set an traceroute from an client to the .130 the fw is working, if i trace to .132 the last hop that i can see is the one hop ago the ISP onsite Router the .129
i thought that be an routing issue on the Provider site but they told me that everything is fine, because when i connect me with a PC to the Internet VLAN and give it the ip x.x.x.132 it is working fine. The Provider also told me during the test he cannot see an arp enrtry in the ISP Router from .132
has somebody an idea ?
Can you please check your Nat again :-
your Static command show .133 and you are complaing about 132. Is that a typo here or is also a typo on the firewall.
Also can you please check the Subnet Mask on your outside interface for /28 & have your ISP clear arp cache on their end.
problem is resolved, the problem was that proxy arp on the outside interface was disabled !!!
thnaks for your help