map a public ip to a private IP in DMZ in ASA 5510

1madhavkarki (Level 1)

Hi all,

I am now using an ASA 5510 as a firewall device. I have configured three interfaces, Ethernet 0/0, Ethernet 0/1 and Ethernet 0/2, as the WAN interface, DMZ interface and internal LAN interface. Internet is working fine from the LAN as well as the DMZ. The WAN interface uses the public point-to-point IP (/30) provided by the ISP, and another pool of public IPs (/28) is also provided by the ISP. Now I want to map the /28 IPs to some servers in the DMZ. The DMZ servers currently have 192.168.101.0/27 private IPs. The problem is how to map the public IPs to those private IPs on the DMZ servers.


9 Replies

gouravbathla (Level 1)


For versions up to 8.2:

Command to map private to public:

static (inside,outside) public_ip 192.168.101.X netmask 255.255.255.255

Permission for access:

access-list outsidein extended permit ip any host public_ip

Access list applied on the interface on which the public pool lands:

access-group outsidein in interface outside

Here the interface name is outside and the access list name is outsidein.

Thank you, I will try the command; it may help me.

I am using Cisco Adaptive Security Appliance Software Version 8.4(2), so the "static (inside,outside) public_ip 192.168.101.X netmask 255.255.255.255" command does not work. Is there an appropriate command for the above version?

Accepted Solution

For versions after 8.2:

object network MYSERVER
 host 192.168.101.x
 nat (inside,outside) static public_ip

Permission for access:

access-list outsidein extended permit ip any object MYSERVER

Access list applied on the interface on which the public pool lands:

access-group outsidein in interface outside

I configured my ASA 5510 with the above commands, but now the server is not able to connect to the Internet, and the mapped public IP cannot be pinged from the Internet or from the same network inside.

Please provide your running config. The command for it is:

show running-config

Hi, here is the running config:

ASA Version 8.4(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password zzzzzzzz encrypted
passwd zzzzzzzzzzz encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif wan1
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Ethernet0/1
 nameif DMZ
 security-level 0
 ip address 192.168.101.1 255.255.255.224
!
interface Ethernet0/2
 nameif INTERNAL-LAN
 security-level 0
 ip address 192.168.200.2 255.255.255.252
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
regex domainlist1 "login.live.com"
regex domainlist2 "login.live.com"
regex domainlist3 "yahoo.com"
!
time-range always
 periodic daily 0:00 to 23:59
!
time-range off_hour
 periodic daily 17:30 to 23:59
 periodic daily 0:00 to 10:00
!
time-range office_hour
 periodic daily 10:00 to 17:30
!
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone NPT 5 45
dns domain-lookup INTERNAL-LAN
dns server-group DefaultDNS
 name-server xxx.xxx.xxx.xxx
 name-server xxx.xxx.xxx.xxx
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.101.0
 subnet 192.168.101.0 255.255.255.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network full_access_grp
 host 192.168.40.92
object service Net_bios_port
 service tcp source range 0 65535 destination range 445 445
object network VLAN-40
 subnet 192.168.40.0 255.255.255.0
object network Test
 host 192.168.40.25
object network testserver
 host 192.168.101.3
object network mappedserver
 host 192.168.40.92
object-group network Full_access_grp
 network-object host 192.168.40.92
 network-object host 192.168.40.14
object-group network Top_levels
 network-object host 192.168.40.30
object-group network FB_allowed_grp
 network-object host 192.168.33.50
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
 protocol-object ip
 protocol-object icmp
access-list mappedip extended permit ip any object testserver
access-list mappedip extended permit ip any object mappedserver
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu wan1 1500
mtu DMZ 1500
mtu INTERNAL-LAN 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645-204.bin
no asdm history enable
arp timeout 14400
!
object network obj_any
 nat (INTERNAL-LAN,wan1) dynamic interface
object network testserver
 nat (DMZ,wan1) static xxx.xxx.xxx.xxx
object network mappedserver
 nat (INTERNAL-LAN,wan1) static xxx.xxx.xxx.xxx
access-group mappedip in interface wan1
route wan1 0.0.0.0 0.0.0.0 yyy.yyy.yyy.yyy 1
route INTERNAL-LAN 10.10.1.0 255.255.255.0 192.168.200.1 3
route INTERNAL-LAN 10.10.2.0 255.255.255.0 192.168.200.1 3
route INTERNAL-LAN 10.10.3.0 255.255.255.0 192.168.200.1 3
route INTERNAL-LAN 192.168.32.0 255.255.224.0 192.168.200.1 50
route INTERNAL-LAN 192.168.99.0 255.255.255.248 192.168.200.1 3
route DMZ 192.168.101.0 255.255.255.0 192.168.101.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.40.0 255.255.255.0 INTERNAL-LAN
http 192.168.101.0 255.255.255.0 DMZ
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no service password-recovery
telnet 192.168.200.0 255.255.255.252 INTERNAL-LAN
telnet 192.168.40.92 255.255.255.255 INTERNAL-LAN
telnet 192.168.40.0 255.255.255.0 INTERNAL-LAN
telnet 192.168.32.0 255.255.224.0 INTERNAL-LAN
telnet timeout 30
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
!
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3
class-map type regex match-any Blocklist
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect http http_inspection_policy
 parameters
 class BlockDomainsClass
  reset log
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect http http_inspection_policy
  inspect icmp
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:daf6cc93137b486a20a15b926adc22c0
: end

Please change the security levels; they should be like this:

interface Ethernet0/1
 nameif DMZ
 security-level 50
 ip address 192.168.101.1 255.255.255.224

interface Ethernet0/2
 nameif INTERNAL-LAN
 security-level 100
 ip address 192.168.200.2 255.255.255.252
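Pulling the NAT/ACL reply and the security-level reply together, here is a complete worked configuration for the poster's topology, written as an added example; it is not from the thread or from Cisco documentation. It assumes the interface names wan1, DMZ and INTERNAL-LAN and the DMZ host 192.168.101.3 from the posted running config, stands in for the ISP's /28 with the documentation block 203.0.113.16/28 (203.0.113.18 is the mapped address), and takes the internal ranges it protects, 192.168.32.0/19 and 10.10.0.0/22, from the posted routes. Two points the thread leaves implicit: on 8.3 and later the inbound ACL must reference the real (private) address, because NAT is applied before the ACL is evaluated, whereas on 8.2 and earlier it referenced the public one; and "permit ip any" opens every listening port on the server to the Internet, so the ACL below permits only the services the host is meant to serve.

```cisco
! Added example (not from the original thread): ASA 8.4(2) static NAT for one
! DMZ server, a least-privilege inbound ACL, and a DMZ-to-LAN restriction.
! Assumed: interface names wan1/DMZ/INTERNAL-LAN and host 192.168.101.3 from
! the posted config; 203.0.113.16/28 stands in for the ISP /28 (203.0.113.18
! is the address mapped to the server); 192.168.32.0/19 and 10.10.0.0/22 are
! the internal ranges seen in the posted routes.
!
! 1. Security levels. The posted config has every interface at 0, which only
!    works because same-security-traffic is permitted. Restore the usual
!    ordering so the default policy (high -> low allowed, low -> high denied
!    unless an ACL permits it) applies.
interface Ethernet0/0
 nameif wan1
 security-level 0
interface Ethernet0/1
 nameif DMZ
 security-level 50
interface Ethernet0/2
 nameif INTERNAL-LAN
 security-level 100
!
! 2. The object holds the REAL (private) address; the nat line attaches the
!    mapped public address to it. Object NAT is bidirectional, so the server
!    also leaves through 203.0.113.18 rather than the wan1 interface address.
object network DMZ-WEB-SERVER
 host 192.168.101.3
 nat (DMZ,wan1) static 203.0.113.18
!
! 3. Inbound ACL on wan1. In 8.3+ the ACL matches the real address (the
!    object), not the public one, because NAT is undone before the ACL check.
!    Permit only the services the server offers; "permit ip any" would expose
!    every listening port on the host, management ones included.
access-list outsidein extended permit tcp any object DMZ-WEB-SERVER eq 80
access-list outsidein extended permit tcp any object DMZ-WEB-SERVER eq 443
! Optional, only while testing reachability with ping from the Internet
! (inspect icmp in the global policy lets the echo-reply back out).
access-list outsidein extended permit icmp any object DMZ-WEB-SERVER echo
access-list outsidein extended deny ip any any log
access-group outsidein in interface wan1
!
! 4. A compromised DMZ host must not be able to pivot into the internal LAN.
!    With DMZ at 50 and INTERNAL-LAN at 100 this is already denied by default;
!    the explicit ACL keeps it denied if the levels change later and logs
!    any attempt, while still letting the DMZ reach the Internet.
access-list dmz-out extended deny ip 192.168.101.0 255.255.255.224 192.168.32.0 255.255.224.0 log
access-list dmz-out extended deny ip 192.168.101.0 255.255.255.224 10.10.0.0 255.255.252.0 log
access-list dmz-out extended permit ip 192.168.101.0 255.255.255.224 any
access-group dmz-out in interface DMZ
!
! 5. Verification. clear xlate makes sure no stale translation from an older
!    rule is reused; packet-tracer then walks every phase (route, ACL, NAT)
!    for a simulated Internet client (198.51.100.7, a constructed address)
!    hitting the PUBLIC address: 443 should be allowed, 22 dropped at the ACL.
clear xlate
show nat detail
show xlate
show access-list outsidein
packet-tracer input wan1 tcp 198.51.100.7 40000 203.0.113.18 443 detailed
packet-tracer input wan1 tcp 198.51.100.7 40000 203.0.113.18 22 detailed
```

If packet-tracer reports ALLOW for 443 but the public address is still unreachable from the Internet, the problem is outside the ASA, which is what the thread ended on: the /28 is not on the wan1 /30 segment, so the ISP has to route it to the ASA's point-to-point address, and no ASA setting can stand in for that route. (If the ISP instead puts the /28 on the same layer-2 segment as the /30, the ASA answers ARP for 203.0.113.18 itself, since proxy ARP is on by default for static NAT unless the rule carries the no-proxy-arp keyword.)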

Thanks Gourav,

The command worked. The whole problem with the server not getting pinged was a routing problem for the public IP from the ISP to our gateway P2P IP.
