12-10-2019 01:26 AM
Hello experts,
I have two ASA 5545X active-standby and I have an objtect-group natted to the outside interface, inside of the object-group I have one host, for sometime the host able to browse to the internet but now not working. The trace from the remote PC is finish on the FW. I have the acces-list allowing that object-group to any IP.
Anyone please help to figure out what can be happen and why this host can't browse to internet?
Many thanks,
12-10-2019 03:03 AM
12-10-2019 04:27 AM
12-10-2019 05:08 AM
12-10-2019 05:35 AM
First I have this NAT:
nat (Customs,Outside) source static RemoteGroup_Internet-Access interface
Then I remove and I create this NAT:
nat (Customs,Outside) source dynamic RemoteGroup_Internet-Access interface
The Customs interface is the interface where the host and remote group are configured, and still not working.
12-10-2019 10:11 AM
I would suggest running a Packet Tracer from the Firewall to see if it is actually blocking the traffic and why.
12-11-2019 03:58 AM
12-11-2019 05:04 AM
12-11-2019 05:50 AM
12-11-2019 07:22 AM
12-11-2019 07:34 AM
Please also see if the below info is normal behavior when we create a NAT
12-11-2019 08:39 AM
12-11-2019 09:54 AM
Maputo_Mcnet_APN is the host pc that want to browse and the acl 208 is the Nat I have created from the host pc to outside interface. I removed the old Nat from the object-group and I create this one to specific host but the host pc still not browsing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide