Cisco ASA 5505 NAT and access rule problem

lawfukyau
Level 1

Hi all

I have some NAT/access rules problem.

static (inside,outside) 210.90.112.221 192.168.222.4 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 219.90.119.237 eq 3389

access-group outside_access_in in interface outside

It works, but when I add another server's NAT and access rule, the server cannot get to the internet and outside cannot remote into this server. If I delete the access rule, it can get to the internet!!!!!

Who can help me?

Thank you very much

11 Replies

Jennifer Halim
Cisco Employee

Can you please advise what NAT rule you have added?

What is the ASA outside interface IP? Hopefully you are not using the same IP address as the ASA outside interface IP and configuring static 1:1 NAT.

If you are going to use the ASA outside interface IP as your NAT, then you would need to configure static PAT instead of static NAT.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname xxxxxx
domain-name xxxxxx
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 119.70.109.129 Exch2 description Mon Exchange
name 119.70.109.132 Mail description Mon Xmail server
name 119.70.109.128 MailGateway09 description Mon exchange mail gateway
name 119.70.109.135 TrialRemoteServer description Trial Remote Server
name 119.70.109.134 TrialVmserver description Trial Vmserver
name 119.70.109.136 TrilSQLServer description Tril SQL Server
name 119.70.109.131 WebServer description Web Server
name 119.70.109.133 VmServer description VM Server
name 192.168.222.0 Inside_network
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.222.222 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 119.70.199.127 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name xxxxxxx
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 119.70.109.138 eq 3389
access-list outside_access_in extended permit tcp any host TrilSQLServer eq 8082
access-list outside_access_in extended permit tcp any host TrilSQLServer eq 3389
access-list outside_access_in extended permit tcp any host TrialRemoteServer eq 3389
access-list outside_access_in extended permit tcp any host TrialVmserver eq 3389
access-list outside_access_in extended permit tcp any host Exch2 eq 3389
access-list outside_access_in extended permit tcp any host Exch2 eq https
access-list outside_access_in extended permit tcp any host Exch2 eq pop3
access-list outside_access_in extended permit tcp any host Exch2 eq smtp
access-list outside_access_in extended permit tcp any host Exch2 eq www
access-list outside_access_in extended permit tcp any host MailGateway09 eq pop3
access-list outside_access_in extended permit icmp any host WebServer
access-list outside_access_in extended permit tcp any host MailGateway09 eq smtp
access-list outside_access_in extended permit tcp any host WebServer eq 3389
access-list outside_access_in extended permit tcp any host WebServer eq https
access-list outside_access_in extended permit tcp any host WebServer eq www
access-list outside_access_in extended permit icmp any host Mail inactive
access-list outside_access_in extended permit tcp any host Mail eq www
access-list outside_access_in extended permit tcp any host Mail eq 3389
access-list outside_access_in extended permit tcp any host Mail eq pop3 inactive
access-list outside_access_in extended permit tcp any host Mail eq smtp inactive
access-list outside_access_in extended permit tcp any host 119.70.109.126 eq 3389
access-list outside_access_in extended permit udp any host 119.70.109.126 eq domain
access-list outside_access_in extended permit tcp any host 119.70.109.126 eq domain
access-list outside_access_in extended permit tcp any host 119.70.109.130 eq 3389
access-list outside_access_in extended permit udp any host 119.70.109.130 eq domain
access-list outside_access_in extended permit tcp any host 119.70.109.130 eq domain
access-list outside_access_in extended permit tcp any host VmServer eq 3389
access-list outside_access_in extended permit tcp any host 119.70.109.137 eq ftp inactive
access-list outside_access_in extended permit tcp any host 119.70.109.137 eq 3389
access-list inside_access_in remark Implicit rule: Permit all traffic to less secure networks
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 Inside_network 255.255.255.0
static (inside,outside) 119.70.109.137 192.168.222.4 netmask 255.255.255.255
static (inside,outside) 119.70.109.126 192.168.222.2 netmask 255.255.255.255
static (inside,outside) MailGateway09 192.168.222.159 netmask 255.255.255.255
static (inside,outside) Exch2 192.168.222.252 netmask 255.255.255.255
static (inside,outside) 119.70.109.130 192.168.222.1 netmask 255.255.255.255
static (inside,outside) WebServer 192.168.222.231 netmask 255.255.255.255
static (inside,outside) Mail 192.168.222.155 netmask 255.255.255.255
static (inside,outside) VmServer 192.168.222.233 netmask 255.255.255.255
static (inside,outside) TrialVmserver 192.168.222.199 netmask 255.255.255.255
static (inside,outside) TrialRemoteServer 192.168.222.198 netmask 255.255.255.255
static (inside,outside) TrilSQLServer 192.168.222.197 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 119.70.109.125 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http Inside_network 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:78042238af7e1aa1473882a6a683acc1
: end

Thanks
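To make the two consistency checks raised in this thread mechanical (a static 1:1 NAT that reuses the outside interface IP, which needs static PAT instead, and an outside ACL entry whose public host has no static behind it, as with 119.70.109.138 in the posted config), here is an added Python audit script. It is not from the thread or from Cisco; it understands only the 8.2-style `name`, `nameif`/`ip address`, `static (inside,outside)` and `access-list` lines, and runs on a constructed sample config rather than the poster's.

```python
import ipaddress

# Constructed sample in ASA 8.2 "show run" style (not the thread's real config);
# the last static deliberately reuses the outside interface IP.
SAMPLE_CONFIG = """\
name 119.70.109.131 WebServer description Web Server
interface Vlan2
 nameif outside
 ip address 119.70.109.127 255.255.255.240
access-list outside_access_in extended permit tcp any host WebServer eq www
access-list outside_access_in extended permit tcp any host 119.70.109.138 eq 3389
static (inside,outside) WebServer 192.168.222.231 netmask 255.255.255.255
static (inside,outside) 119.70.109.127 192.168.222.2 netmask 255.255.255.255
"""


def audit_asa82(config, outside="outside", acl="outside_access_in"):
    """Cross-check static NATs against the outside interface IP and the outside ACL.

    Returns (kind, public_ip) tuples; an empty list means nothing was flagged.
    """
    names, statics, acl_hosts = {}, {}, []
    iface_ip = current_nameif = None
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "name":                         # name <ip> <alias> ...
            names[t[2]] = t[1]
        elif t[0] == "interface":
            current_nameif = None
        elif t[0] == "nameif":
            current_nameif = t[1]
        elif t[:2] == ["ip", "address"] and current_nameif == outside:
            iface_ip = ipaddress.ip_address(t[2])
        elif t[0] == "static" and t[1] == "(inside,%s)" % outside:
            statics[ipaddress.ip_address(names.get(t[2], t[2]))] = t[3]
        elif t[0] == "access-list" and t[1] == acl and "host" in t:
            # in 8.2 the outside ACL names the public (mapped) destination;
            # take the last "host" so "host src host dst" picks the destination
            dst = t[len(t) - 1 - t[::-1].index("host") + 1]
            acl_hosts.append(ipaddress.ip_address(names.get(dst, dst)))
    findings = []
    for pub in statics:
        if pub == iface_ip:            # 1:1 static on the interface IP: needs static PAT
            findings.append(("static_on_interface_ip", str(pub)))
    for pub in acl_hosts:
        if pub not in statics and pub != iface_ip:   # permit with nothing mapped behind it
            findings.append(("acl_without_static", str(pub)))
    return findings
```

Feed it the full `show run` text and compare the output against the intended server list; an unresolvable `name` alias raises `ValueError`, which itself indicates an ACL or static referring to an object that no longer exists.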

Thanks for the show run. Can you please advise what exactly you have added that has caused the issue?

On the 192.168.222.2 server, it cannot get to the internet, and ping 8.8.8.8 gives "Request time out."

Then, after deleting the permit access rules for 119.70.109.126 (3 rules), it can get to the internet and the ping test works, and going to checkip.org shows the correct WAN IP.

I have tested 192.168.222.2 and 192.168.222.1; they also have this problem.

Thanks!!!! brother.

You might want to check the public ip address itself: 119.70.109.126

The problem is not with the rule. It's with the static NAT that you configure with 119.70.109.126.

I would check if the ASA has an ARP entry for 119.70.109.126, if it does, then this is incorrect. You might want to clear the arp and also clear xlate after you configure any static NAT statement.

Also check on the external router that is connected to the ASA if 119.70.109.126 ARP on the router is the ASA outside interface MAC address.

Jennifer

Thanks for your reply.

The WAN IP range is not real. I changed some numbers.

Also, I have restarted the ASA and cleared xlate and arp; it still does not work.

I only have the ASA firewall, and cannot check the external router's ARP table in the data center.

Thanks!

We can't quite help you if we don't have the correct information as we will just be guessing.

This could point to any problem.

Can you try with any other public IP address? At this point, we are not very clear where and why exactly it's failing: whether it's due to a conflict in IP address, an ARP issue, an xlate issue, etc.

Jennifer

I will have the data center operator check the ARP information and clear it.

Thanks for your suggestion. It may be an external router ARP problem.

If it still does not work, can I send you the original config file?

Thanks.

Sure, feel free.

varrao
Level 10

Hi Fuk,

Could you please provide the output of "show run" from the firewall and let me know which NAT statement and access rule you have applied for the other server?

Thanks,

Varun

Thanks,
Varun Rao

Thanks for your reply.

I posted the show run config!

Thanks
