Hello everybody.

I migrate from PIX515E(8.0.4) to ASA5520(8.4.5)

I have this configuration on PIX515E

static (ins10,INTERNET) tcp 10.1.15.5 5555 access-list POS_vpn_ns

access-list POS_vpn_ns extended permit tcp host 10.1.21.6 eq 5555 192.168.0.0 255.255.0.0

access-list POS_vpn_ns extended permit tcp host 10.1.21.6 eq 5555 172.16.0.0 255.255.0.0

I write this configuration to ASA below

ASA5520(config)# sh run object id obj-10.1.21.6-111

object network obj-10.1.21.6-111

host 10.1.21.6

ASA5520(config)# sh run object id obj-10.1.15.5-111

object network obj-10.1.15.5-111

host 10.1.15.5

ASA5520(config)# sh run object id obj-192.168.0.0

object network obj-192.168.0.0

subnet 192.168.0.0 255.255.0.0

ASA5520(config)# sh run object id portd5555

object service portd5555

service tcp destination eq 5555

ASA5520(config)# sh run object id ports5555

object service ports5555

service tcp source eq 5555

nat (ins10,INTERNET) source static obj-10.1.21.6-111 obj-10.1.15.5-111 destination static obj-192.168.0.0 obj-192.168.0.0 service portd5555 ports5555

packet-tracer input INTERNET 192.168.33.33 12456 10.1.15.5 5555

Phase: 1

Type: UN-NAT

Subtype: static

Result: ALLOW

Config:

nat (ins10,INTERNET) source static obj-10.1.21.6-111 obj-10.1.15.5-111 destination static obj-192.168.0.0 obj-192.168.0.0 service portd5555 ports5555

Additional Information:

NAT divert to egress interface ins10

Untranslate 10.1.15.5/5555 to 10.1.21.6/5555

Phase: 2

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group 100 in interface INTERNET

access-list 100 extended permit ip any any

Additional Information:

Phase: 3

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 4

Type: FOVER

Subtype: standby-update

Result: ALLOW

Config:

Additional Information:

Phase: 5

Type: NAT

Subtype:

Result: ALLOW

Config:

nat (ins10,INTERNET) source static obj-10.1.21.6-111 obj-10.1.15.5-111 destination static obj-192.168.0.0 obj-192.168.0.0 service portd5555 ports5555

Additional Information:

Static translate 192.168.33.33/12456 to 192.168.33.33/5555

Phase: 6

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group 100 out interface ins10

access-list 100 extended permit ip any any

Additional Information:

Phase: 7

Type: NAT

Subtype: rpf-check

Result: ALLOW

Config:

nat (ins10,INTERNET) source static obj-10.1.21.6-111 obj-10.1.15.5-111 destination static obj-192.168.0.0 obj-192.168.0.0 service portd5555 ports5555

Additional Information:

Phase: 8

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 9

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 40, packet dispatched to next module

Result:

input-interface: INTERNET

input-status: up

input-line-status: up

output-interface: ins10

output-status: up

output-line-status: up

Action: allow

On phase5 nat not working property (wrong translation)

On phase7 nat not working

Please tell me where i mistaked?