
Access rule

JPCPIA130
Level 1

I am trying to sync up a backup device with another company for offsite backups. I'm working with an ASA 5505 and having trouble allowing access to an internal host on ports 22, 80, 443. My current setup has multiple IPs coming in on the outside interface (not my real IPs): 1.1.1.34 is our internet access, .35 is OWA and .36 is Citrix. I'm trying to set a rule for their public IP, say 2.2.2.2, to allow access internally to, say, 192.168.1.70. I had it working with them coming in on 1.1.1.40, but when the traffic left it went out on 1.1.1.34. Is it possible to have the traffic be sent from 1.1.1.40 with NAT?

3 Replies

Jon Marshall
Hall of Fame

So when 192.168.1.70 goes to the internet it should be translated to 1.1.1.34, but for backups it should use 1.1.1.40?

If so, it should be possible; you have probably just got your NAT statements in the wrong order, or you are missing a NAT statement for that specific connection.

Can you clarify exactly what you want and the version of software on your ASA?

If it is 8.3 or later can you post a "sh nat" as well.

Jon

Sorry for the confusion. I would like my vendor to come in on 1.1.1.40 and the traffic to be sent out on 1.1.1.40. The way I had it set up, the vendor was able to come in on 1.1.1.40 but he saw the traffic coming from 1.1.1.34. So basically my vendor, whose IP address is 2.2.2.2, should be accessing a resource on my internal network on ports 22, 80, 443 that has IP address 192.168.1.70. That internal resource should be accessed from the outside address of 1.1.1.40, and traffic back to him should come from 1.1.1.40.

ASA Software Version is 9.1 (3)

Here is the NAT rule:

1 (any) to (any) source static DataDomain 1.1.1.40
    translate_hits = 10, untranslate_hits = 34

Is that your full NAT output?

If not, can you post it and also the output of this command -

"packet-tracer input inside tcp 192.168.70.1 <src port> 2.2.2.2 12345"

Just pick one of the ports you mentioned as the src port.

Jon
