Server w/static NAT can't browse internet
07-14-2016 08:49 AM - edited 03-12-2019 01:01 AM
Hey all,
I have a server that is NATed from a private address to a public address (static 1:1), and while inbound traffic to it works, if it tries to browse the internet it cannot. Other things on the internal 10.x.12.x network can browse just fine, unless they also have a static NAT. Name resolution works fine.
This definitely seems related to NAT, but not sure what. There's a lot of cruft in this config that needs removed, but I'll post it here. Most of this looks like leftovers from an upgrade/translate.
Doc attached. Any ideas why static NAT hosts can't get out, but inbound works fine?
Thx.
07-14-2016 12:36 PM
Should note:
The host with the static NAT is found on interface "inside". Probably relevant info. :)
07-17-2016 11:03 PM
[@ryan.lambert]
Please run the packet-tracers below:
#packet-tracer input outside icmp 8.8.8.8 8 0 <server_public_ip> det
#packet-tracer input inside icmp <server_private_ip> 8 0 8.8.8.8 det
You can also try taking captures on the ASA inside and outside interfaces to see if traffic reaches and leaves the ASA:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html
