Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
736
Views
0
Helpful
2
Replies

NAT Rule Causing Internet Connectivity Issues

TedEdward
Level 1
Level 1

‎03-22-2022 04:25 AM

Hi,

 

I have a NAT rule on our FPR-1010 running ASA to allow incoming traffic on outside interface on port 65020. The rule works and have required access  externally. 

 

The problem I have is the internal server that it is accessing has internet connectivity issues. 

 

For example when I open Chrome on it I can't get to https://www.grc.com but can get to other sites. This is causing problems for the software running on the server.

 

This is the NAT rule.

 

(Inside) to (Outside) source static SERVER interface service any 65020Source inactive.

 

Does anyone know what the issue could be please?

 

Thanks

 

 

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎03-22-2022 05:05 AM 

For example when I open Chrome on it I can't get to https://www.grc.com but can get to other sites. This is causing problems for the software running on the server.

is this from inside network or outside network ?

what you mean other site ? they also NATted ?

 

from Lan are you able to access that site ? what port ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎03-22-2022 06:24 AM

(Inside) to (Outside) source static SERVER interface service any 65020 
the source Port is OK 
the destination Port is Wrong ...
service any 65020 at the end of NAT is wrong, this for destination port, i.e.
costumer in outside will ask specific port that NAT to 65020, here you make all destination port NAT to 65020...!!!
please change it to be 
Inside-FW-Outside 
the client in outside will use port for example 5000 will nat to 65020 which use by Server in Inside. 
the client in outside will use port 65020 will nat to 65020 which use by server in inside. 

I think you misunderstood the Service and assign ANY as it the source port.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top