Hi Guys,

I am having some difficulties with a static NAT.

What I would like to do is to configure a static NAT for port 443 to hit my outside interface and then go through to my internal web server. The steps I have done are:

Web server (internal): 10.10.10.1

External IP Address (outside interface): 203.206.205.101

1. Allow https traffic through to my web server

access-list outside_access_in extended permit tcp any host 10.10.10.1 eq https

2. Create an object NAT

object network webserver

     host 10.10.10.1

     nat (inside,outside) static interface service tcp https https

3. Check via packet tracer (very unusual output)

packet-tracer input outside tcp 115.30.20.10 12345 203.206.205.101 443

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 2

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in  203.206.205.101 255.255.255.255 identity

Phase: 3

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Result:

input-interface: outside

input-status: up

input-line-status: up

output-interface: NP Identity Ifc

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Interfaces are all up, routes are all in place etc, firewall is in routed mode. Access list has been applied to the outside interface...why is it skipping the unnat section in the packet tracer???

Any ideas would be most welcome...