Static NAT Pre 8.3 ASA no untranslate hits

Dennis Topo Jr
Level 1

Hello all---

 

Having an issue with a pre 8.3 ASA static NAT. The intention is to static NAT an antivirus server hanging off our DMZ interface on the ASA, that address being 192.168.255.2, to one of our public IP addresses (for the sake of this forum) 44.44.44.44. The ASA DMZ interface is 192.168.255.1.

 

I’ve configured the static NAT rule and the access ACLs on both the outside interface and the dmz interface. For the sake of testing, I used just IP as the service (I will restrict it later with the correct service ports once I know it’s working), and for now I just have a Windows laptop acting as the server for testing.

 

What I’m seeing is incrementing translate hits, but no untranslate hits at all when performing the command: show nat dmz outside 192.168.255.2 255.255.255.255

 

match ip dmz host 192.168.255.2 outside any
    static translation to 44.44.44.44
    translate_hits = 549, untranslate_hits = 0
  match ip dmz any outside any
    no translation group, implicit deny
    policy_hits = 170905

 

Also, I see no hits at all on the ACL for the outside interface when trying to do a ping or telnet to ports running on the laptop/server.

So, it’s obviously translating out to the public, but not from the public in to the private. Almost like it’s not reaching that public IP. We have other publics we translate to for other services, with no issue.

 

 

Here are the pertinent lines; pretty simple at this point.

 

Outside interface ACL

access-list acl_out line 48 extended permit ip any host 44.44.44.44

DMZ interface ACL

access-list dmz_access_in line 3 extended permit ip any any

NAT statement on DMZ interface

static (dmz,outside) 44.44.44.44 192.168.255.2 netmask 255.255.255.255

 

Any help or clarification is appreciated. Thanks, Dennis
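The one-way counters in the show nat output above (translate_hits climbing, untranslate_hits stuck at 0 for a static) are the signature of outbound-only NAT, so it is worth checking for them mechanically across all statics rather than eyeballing one. The following is an added example, not code from the post or from Cisco; it parses the pre-8.3 "show nat" format exactly as quoted in the post (the sample text is copied from there) and flags statics with that symptom.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the pre-8.3 "show nat dmz outside ..." output quoted in the post.
SAMPLE = """\
match ip dmz host 192.168.255.2 outside any
    static translation to 44.44.44.44
    translate_hits = 549, untranslate_hits = 0
  match ip dmz any outside any
    no translation group, implicit deny
    policy_hits = 170905
"""

@dataclass
class NatEntry:
    proto: str
    src_if: str
    src: str
    dst_if: str
    dst: str
    mapped: Optional[str] = None   # address from "static translation to X"
    translate_hits: int = 0
    untranslate_hits: int = 0
    policy_hits: int = 0
    implicit_deny: bool = False

def _take_spec(tokens, i):
    """Consume an address spec: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return f"host {tokens[i + 1]}", i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2

def parse_show_nat(text):
    """Parse pre-8.3 'show nat' output into NatEntry records (one per 'match' line)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("match "):
            t = line.split()
            src, i = _take_spec(t, 3)          # t[1]=proto, t[2]=source interface
            dst, _ = _take_spec(t, i + 1)      # t[i]=destination interface
            entries.append(NatEntry(t[1], t[2], src, t[i], dst))
        elif not entries:
            continue                           # ignore any header text before the first match
        elif line.startswith("static translation to "):
            entries[-1].mapped = line.split()[-1]
        elif line.startswith("translate_hits"):
            m = re.match(r"translate_hits = (\d+), untranslate_hits = (\d+)", line)
            entries[-1].translate_hits = int(m.group(1))
            entries[-1].untranslate_hits = int(m.group(2))
        elif line.startswith("policy_hits"):
            entries[-1].policy_hits = int(line.split("=")[1])
        elif "implicit deny" in line:
            entries[-1].implicit_deny = True
    return entries

def one_way_statics(entries, min_hits=1):
    """Statics that translate outbound but have never untranslated inbound traffic:
    the exact symptom in the post (outbound fine, nothing arriving via the public IP)."""
    return [e for e in entries
            if e.mapped and e.translate_hits >= min_hits and e.untranslate_hits == 0]

if __name__ == "__main__":
    for e in one_way_statics(parse_show_nat(SAMPLE)):
        print(f"{e.src} -> {e.mapped}: {e.translate_hits} out, 0 in; check inbound path")
```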

Accepted Solution

Marvin Rhoads
Hall of Fame

Try seeing what the ASA is doing with the return traffic using the packet-tracer utility as follows:

packet-tracer input outside tcp 8.8.8.8 1025 44.44.44.44 23

...substituting the actual public NAT address for the 44.44.44.44 of course. (If you were using 8.3+ you would specify the real end host IP address.)

Here's a link to the command reference for more details.

Marvin, thanks for the reply. Packet tracer was definitely a helpful tool. I found that the public IP in our block that we chose to translate to was actually in use, so obviously that caused the funky behavior!

 

Thanks again, Dennis

You're welcome - packet-tracer is your friend when it comes to analyzing flow through an ASA.

Thanks for the rating.