Dear all,

My English is'n good . I have trouble with static nat on asa run version 9.1.

This is my configuration file

interface GigabitEthernet1/1
 nameif outside

 des # Connect to router of ISP #
 security-level 0
 ip address 222.255.23.166 255.255.255.252

!interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 199.1.10.33 255.255.255.224

!

route outside 0.0.0.0 0.0.0.0 222.255.23.165 1

!

object network NASU_DMZ

 sub 199.1.10.32 255.255.255.224

objecdt network NASU_ISA

 host 199.1.10.62

objecdt network NASU_ISA_PUB

 host 222.255.20.186

!

nat (dmz,outside) after-auto source dynamic NASU_DMZ interface

nat (dmz,outside) source static NASU_ISA NASU_ISA_PUB (static nat)

Case1 : if I use alc " access-list Outside_policy_in extendend permit ip any any " ,

                                 access-group Outside_policy_in in interface outside

    Result: Static nat on ASA will be worked correct

Case 2 : If I use acl "  access-list Outside_policy_in extendend permit tcp any host 222.255.20.186 eq 443

                                   access-list Outside_policy_in extendend permit tcp any host 222.255.20.186 eq 80

                                   access-group Outside_policy_in in interface outside

      Result: Static nat on ASA will be worked incorrect. I can't use all service include 443 and 80 .

Can you help me solve this problem ?

Thank you very much!