We got a Cisco ASA 5512X recently to replace our aging ASA 5510. We're intending to use this as the edge device between our network and our ISP's. Our ISP told us to use 12.226.xxx.18/29 as the device's outside address and mask, with a gateway of 12.226.xxx.17. The ISP also gave us the range 12.35.xxx.97/27 to use for our public servers.
I set up static NAT rules for several servers on our inside interface, so that they'll have public IP addresses, and then there's a dynamic NAT rule so that all other devices will simply use the ASA's outside IP address when accessing the Internet:
Partial NAT Rules:
object network Skyward
 nat (Inside,Outside) static 12.35.xxx.98
object network AHSWS01-Support
 nat (Inside,Outside) static 12.35.xxx.101
object network AHSWS02-Sharepoint
 nat (Inside,Outside) static 12.35.xxx.100
nat (Inside,Outside) after-auto source dynamic any interface
However, what I'm noticing is that when we attempt to swap this device inline, all of the servers which have NAT rules set up cannot access the Internet, nor can they be accessed from the Internet. However, all of the devices without static NAT rules (thus using the dynamic rule) are able to get online without any issue. I've compared the config of this device with our old ASA 5510 (which is running ASA Version 8.0(5)), and didn't find anything that stood out that would be causing this issue.
Is there a step I might've missed, or perhaps something I'm misunderstanding about how NAT works in ASA 8.3 and later? Any help would be greatly appreciated.
I tried that earlier this week and had no luck. My current running-config, however, was set up without the use of "Public Servers" (I instead just created the objects and added access rules by hand), but everything still shows up under the "Public Servers" section of ASDM.