ASA Static Nat Issues

tgillingham1991 · ‎10-12-2018

Hello

We're trying to implement a new cisco asa 5508 firewall on our site, but we're having a few issues. Currently the firewall when plugged in allows general internet traffic from the internal interface but none of the internal servers which have nat rules on them can be accessed from the outside interface. I've run a packet tracer on the asa and traffic passes fine going external from these servers. When I do the same test in the opposite direction I get the following error..

I've also attached our current config. If anyone can help it would be much appreciated!

Kind Regards

tgillingham1991 · ‎10-12-2018

Just following on from this I've realised that the packet tracer screen shot above should have the external ip for that particular nat rather than the private ip address in the destination field. That being said it still doesn't explain why the below doesn't work when trying to access the website. Any help on my config would be much appreciated. A 2nd pair of eyes to make sure everything looks set up correctly is a great help.

object network Host_LDS_SV05_Spiceworks
 nat (inside,outside) static 188.39.78.54 service tcp 9676 9676

access-list OutsideToInside extended permit tcp any host 192.168.7.5 eq 9676

Kind Regards

Marius Gunnerud · ‎10-12-2018

I don't see your current configuration attached to your post above.

Could you run a packet-tracer from the CLI and post the output here?

Packet-tracer input outside tcp 8.8.8.8 12345 188.39.78.54 9676 detail

It is possible that the traffic is hitting another NAT statement

--
Please remember to select a correct answer and rate helpful posts