static 1 to 1 NAT not working on cisco asa5505

Tan kok heng · ‎01-29-2013

Hi

i have 2 internal server sitting in inside interface

inside network vlan 1

ip address 192.168.0.20, and 192.168.0.22

i going to map 192.168.0.20 to public ip routable address 203.117.124.180

and 192.168.0.22 to public ip routable address 203.117.124.181

the purpose is to make those 2 server 192.168.0.20, and .22 to be able to access remotely using public routable ip address,

however, after done the configuration i still not able to ping or access the public IP Address mention above. my both server are turn on and can access internally.both server are also able to access internet.

See below partial configuration retrieve from Show Run. please advise if anything wrong?

nat-control

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

nat (Antlab) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 9000 192.168.0.30 9000 netmask 255.255.255.255

static (inside,outside) tcp interface 34599 192.168.0.30 34599 netmask 255.255.255.255

static (inside,outside) tcp interface 34567 192.168.0.30 34567 netmask 255.255.255.255

static (inside,outside) 203.117.124.180 192.168.0.20 netmask 255.255.255.255

static (inside,outside) 203.117.124.181 192.168.0.22 netmask 255.255.255.255

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

access-group Antlab_access_in in interface Antlab

route outside 0.0.0.0 0.0.0.0 203.117.124.177 1

kindly advise thanks

jj27 · ‎01-29-2013

What does your access-list outside_access_in look like?
You will need to define rules in that list to permit certain traffic.

roopesh.n · ‎01-30-2013

Hi Tan,

From internet through which port you are trieng to access your Public IP'S (eg: 80 or 443 any specifi ports) if so you have to create ACL (Rules) to allow the Specific trafic to your IP. For ping you have to enable the ICMP to Public Ip'S

Thanks

Roopesh