11-23-2015 01:22 AM - edited 03-11-2019 11:55 PM
Hello Folks,
I have a query which I am trying it hard to resolve.
I have a server sitting in inside interface wants to gain access to internet from a public ip other than the outside interface ip, but having error.
Inside interface srever ip : 10.1.4.12
Public Ip : 55.55.55.55
outside interface ip : 66.66.66.66
I have configured this way
access-list inbound extended permit ip any host 10.1.4.12
nat (Inside,outside) source 10.1.4.12 55.55.55.55
Can some one please guide me. This is urgent.
Regards,
Syed
11-23-2015 01:42 AM
Hi Syed,
The nat rule doesnt have dynamic/static in the definition:
nat (Inside,outside) source static 10.1.4.12 55.55.55.55
>> Is the public IP for the server falls in the same subnet as the IP on the ASA's public interface?
>> What is the ASA verison you are running?
>> run packet tracer and check why ASA is droppping the traffic.
packet-trace input Outside tcp <src-ip> <src-port> 55.55.55.55 <dst-port> det
Thanks,
Rishabh Seth
11-23-2015 04:35 AM
Hi Risbah,
I've figured it out. Actually there was a dynamic NAT superceeding static NAT.
There was a dynamic NAT configured for inside interface to outside interface and below was configured a static NAT between 10.1.4.12 55.55.55.55.
So I placed this static NAT on top of Dynamic and it worked.
Now the servers are able to go online.
My ASA version is running on 9.0
Thanks for your reply.
Regards,
Syed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide