07-14-2016 08:49 AM - edited 03-12-2019 01:01 AM
Hey all,
I have a server that is NATed from a private address to a public address (static 1:1), and while inbound traffic to it works, if it tries to browse the internet it cannot. Other things on the internal 10.x.12.x network can browse just fine, unless they also have a static NAT. Name resolution works fine.
This definitely seems related to NAT, but not sure what. There's a lot of cruft in this config that needs removed, but I'll post it here. Most of this looks like leftovers from an upgrade/translate.
Doc attached. Any ideas why static NAT hosts can't get out, but inbound works fine?
Thx.
07-14-2016 12:36 PM
Should note:
The host with the static NAT is found on interface "inside". Probably relevant info. :)
07-17-2016 11:03 PM
[@ryan.lambert]
Please run the packet-tracers below:
#packet-tracer input outside icmp 8.8.8.8 8 0 <server_public_ip> det
#packet-tracer input inside icmp <server_private_ip> 8 0 8.8.8.8 det
You can also try taking captures on the ASA inside and outside interfaces to see if traffic reaches and leaves the ASA:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html