Showing results for 
Search instead for 
Did you mean: 

5525X ASA resolving static Nat to incorrect host.


Hello all,

I am having difficulty trouble shooting a problem I am having troubles with a firewall rule. I have setup a static Nat rule to a single host ( in my network to allow rdp, when I run packet tracker the rule works, however when I physically try to connect from out side the rule resolves to another host (

2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni


Share is the NAT configurations and the "packet-tracer" output

You could also confirm that there is NO translations from the WRONG IP address to the public IP address you are connecting to with

show xlate local

I would also confirm that you are not having some sort of DNS issue even though you are in the external network.

Make sure that you are connecting to the correct public IP address as I don't see why the ASA would forward a connectong to a different internal host that its "packet-tracer" test shows.

Though I would rule out an issue with "nat" configurations or the before mentioned DNS issue.

- Jouni

i had similar behavior but now i find the cause of the misleading NAT.

i'll not use in this time IP addresses on my ASA, i just use names, and in some way i had duplicated the name with diferent ip addresses, so when i try to get nat to "A host" i make the nat to "a host", and this makes the NAT goes to another ip address, when it seems be the same.

check what i told, maybe is the same behaivior and you'll just confused ...

had a great day .

best regards, and rate if you'll find this post useful

had a great day . best regards, and rate if you'll find this post useful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: