Thanks Dinesh,

kamlenegi · ‎03-08-2016

Hi all,

Require urgent help to configure dynamic & static nat parallel in Cisco ASA 5585 ver 9.5. Public IP is same.

172.16.1.15 - 125.x.x.x - Static nat (Requirement for incoming mail)

172.16.1.10, 172.16.1.11 - 125.x.x.x - Dynamic nat (Requirement for outgoing mail)

Thanks

Kamlesh

Dinesh Moudgil · ‎03-08-2016

Assuming you have interface named inside and outside

object network obj_172.16.1.15
host 172.16.1.15
nat (inside,outside) static 125.x.x.x

object network obj_172.X.X.X
range 172.16.1.10 172.16.1.11
nat (inside,outside) dynamic 125.x.x.x

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

kamlenegi · ‎03-08-2016

Thanks Dinesh,

However, we are able to get natting from outside to in but not inside to outside.

Thanks

Kamlesh

Dinesh Moudgil · ‎03-08-2016

Try this and let me know how it fares

object-group network net_servers
network-object host 172.16.1.10
network-object host 172.16.1.11

object-group network net_public
network-object host 125.x.x.x

nat (inside,outside) source dynamic net_servers net_public

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

kamlenegi · ‎03-08-2016

Hi,

Still same problem

thanks

Kamlesh

Dinesh Moudgil · ‎03-08-2016

Can you share output of this command

packet-tracer input inside icmp 172.16.1.10 8 0 4.2.2.2 detail

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Cisco ASA9.5 Dynamic NAT & Static NAT require parallel ( Urgent Help)