ASA-5506X Static Route

jdrose_2
Level 1

Trying to add a static route: static (inside,outside) x.x.x.x 192.168.0.2 netmask 255.255.255.0

Receiving the attached error.  Is it a different syntax to add this command on the 5506X?

1 Accepted Solution

Akshay Rastogi
Cisco Employee

Hi there,

Configure an object for the inside host and then configure the NAT inside that object.

object network obj-192.168.0.2

 host 192.168.0.2

 nat (inside,outside) static x.x.x.x

Make sure this x.x.x.x is not the outside interface IP. If it is, then use the 'interface' keyword instead of x.x.x.x.

Also, if you are trying to connect to this internal server from outside hosts, then add an access-list on the outside interface to permit the real IP. Something like:

access-list outside_in permit ip any host 192.168.0.2

access-group outside_in in interface outside

Note: we need to give the real IP address as the destination in the inbound access-list post 8.3, instead of the mapped IP.

Hope this helps.

Regards,

Akshay Rastogi
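
The note in the answer above, that inbound access-lists after 8.3 must reference the real IP rather than the mapped IP, can be checked against a saved configuration. The following Python script is an added example, not part of the original post and not a Cisco tool; the sample configuration, the mapped address 203.0.113.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA 8.3+ configuration (not from the thread).
# 203.0.113.10 is a placeholder mapped address from the documentation range.
SAMPLE_CONFIG = """\
object network obj-192.168.0.2
 host 192.168.0.2
 nat (inside,outside) static 203.0.113.10
object network obj-192.168.0.3
 host 192.168.0.3
 nat (inside,outside) static interface
access-list outside_in permit ip any host 192.168.0.2
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-group outside_in in interface outside
"""

def parse_static_nat(config):
    """Return {mapped_ip: real_ip} for host objects with object NAT static."""
    mappings, real = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            real = None  # new object: forget the previous host
        elif m := re.match(r"\s+host (\S+)$", line):
            real = m.group(1)
        elif m := re.match(r"\s+nat \([^,\s]+,[^)\s]+\) static (\S+)", line):
            # 'static interface' has no literal mapped IP to compare against
            if real and m.group(1) != "interface":
                mappings[m.group(1)] = real
    return mappings

def find_mapped_ip_acl_entries(config):
    """Return (acl_line, mapped_ip, real_ip) for inbound ACL entries that
    name a mapped IP in a 'host' argument instead of the real IP."""
    mappings = parse_static_nat(config)
    inbound = set(re.findall(r"^access-group (\S+) in interface \S+",
                             config, flags=re.M))
    findings = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "access-list" or parts[1] not in inbound:
            continue
        for ip in re.findall(r"\bhost (\S+)", line):
            if ip in mappings:
                findings.append((line, ip, mappings[ip]))
    return findings

if __name__ == "__main__":
    for acl, mapped, real in find_mapped_ip_acl_entries(SAMPLE_CONFIG):
        print(f"{acl}\n  matches mapped IP {mapped}; use real IP {real}")
```

An entry flagged here is written in the pre-8.3 style and will not match traffic to the translated server on 8.3 and later.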


5 Replies

It's a static NAT that you are trying to configure. The syntax changed in ASA version 8.3. Look at Jouni's excellent document to learn about the differences:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Ganesh Hariharan
VIP Alumni

Hello,

Adding routing in ASA is done as follows:

ciscoasa(config)# route outside 110.10.110.0 255.255.255.0 192.168.13.3

Where the interface name is where the destination subnet resides, followed by the gateway.

Hope it helps.

-GI

Rate if it helps

jdrose_2
Level 1

Hi Akshay,

The Object network obj-192.168.0.2 command worked fine. The firewall would not take the host 192.168.0.2 or nat (inside,outside) static x.x.x.x commands. Any suggestions?

Thank you!

Hi,

These commands need to be configured under the object which you created. I hope you are doing that. Also, what error are you getting if you are already doing what I mentioned?

Regards,

Akshay Rastogi
