cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
494
Views
0
Helpful
2
Replies

Server w/static NAT can't browse internet

ryan.lambert
Level 1
Level 1

Hey all,

I have a server that is NATed from a private address to a public address (static 1:1), and while inbound traffic to it works, if it tries to browse the internet it cannot. Other things on the internal 10.x.12.x network can browse just fine, unless they also have a static NAT. Name resolution works fine.

This definitely seems related to NAT, but not sure what. There's a lot of cruft in this config that needs removed, but I'll post it here. Most of this looks like leftovers from an upgrade/translate.

Doc attached. Any ideas why static NAT hosts can't get out, but inbound works fine?

Thx.

2 Replies 2

ryan.lambert
Level 1
Level 1

Should note:

The host with the static NAT is found on interface "inside". Probably relevant info. :)

Dina Odeh
Level 1
Level 1

[@ryan.lambert]  

Please take these below packet-tracers: 

#packet-tracer input outside match icmp 8.8.8.8 8 0 <server_public_ip> det

#packet-tracer input inside <server_private_ip> 8 0 8.8.8.8 det

You can try also take captures on ASA inside and outside interfaces to see if traffic reach and left the ASA:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: