Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
4
Replies

move the local ip to another server (natting problem)

Go to solution
asadalhindi
Level 1
Level 1

‎09-17-2012 06:59 AM - edited ‎03-11-2019 04:55 PM

Dears,

I have a local Database server with local ip 192.168.101.3 and on cisco ASA 5500, i use static nat as below:

#static (inside,outside) xx.xx.xx.xx 192.168.101.3 netmask 255.255.255.255

the server was crashed and we moved the data to another server and give it the exact IP address.

now we cannot ping the real ip from out side.

please help.

thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to asadalhindi

‎09-17-2012 10:39 AM

Hello Asad,

I have seen this behavior before, hosts with windows firewall on or anti virus will not reply to any other host that is not on their Local LAN.

Customer usually think it's an ASA issue but as soon as we configure a NAT (OUTSIDE) 10 your_public_ip

global (inside) 10 interface ;   We can see how it works as the server will receive now the packets from the ASA inside interface

Anyway glad to hear it's working fine.

Please mark the question as answered so future users can learn from this

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
gurpsin2
Level 1
Level 1

‎09-17-2012 07:04 AM

Hi Asad,

Are you able to ping the server from ASA itself, its quite possible that the arp entry for server on ASA still has old mac-address, but since its changed now, ASA needs to know this, can u try doing "clear local-host 182.168.101.3" or clear the arp on inside for this server and then see if it works.

regards

Gurpreet

0 Helpful

Go to solution
asadalhindi
Level 1
Level 1
In response to gurpsin2

‎09-17-2012 07:21 AM

Hi Gurpreet,

thanks for your fast responce.

i can ping the local IP from the ASA, and i did the "clear local-host 192.168.101.3"

it didnt work.

regards,

Asad

0 Helpful

Go to solution
asadalhindi
Level 1
Level 1

‎09-17-2012 09:39 AM

the problem has been solved,

that was caused by kaspersky antivirus but when i remove it and try it didnt work too, the problem was because when kaspersky removed, it returned back windows firewall on, when i turne it off, it works,,,,,

thanks

Asad

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to asadalhindi

‎09-17-2012 10:39 AM

Hello Asad,

I have seen this behavior before, hosts with windows firewall on or anti virus will not reply to any other host that is not on their Local LAN.

Customer usually think it's an ASA issue but as soon as we configure a NAT (OUTSIDE) 10 your_public_ip

global (inside) 10 interface ;   We can see how it works as the server will receive now the packets from the ASA inside interface

Anyway glad to hear it's working fine.

Please mark the question as answered so future users can learn from this

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card