11-08-2014 11:53 PM - edited 03-11-2019 10:02 PM
I got new asa 5512 with ver 9.1 on it and I am trying to do a static nat, but it did not work. here is my config:
object network hst-192.168.0.60
host 192.168.0.60
nat (inside,outside) static 173.x.x.x
object-group service svcgrp-192.168.0.60-tcp tcp
port-object eq 80
port-object eq 443
access-list outside_access_in extended permit tcp any object hst-192.168.0.60 object-group svcgrp-192.168.0.60-tcp
access-group outside_access_in in interface outside
------------
I have applied this: nat (inside,outside) after-auto source dynamic any interface
but did not help
--------------
(I also have an old one with ver 7 with working config that I can post if that helps)
Any ideas. Thank you
11-09-2014 12:58 PM
The config looks fine.
11-09-2014 10:48 PM
I test it live. I still have the old firewall and can still switch between them. Note that server is live and can ping it: 192.168.0.60. with both ports from this new ASA.
Also the packet-tracer doesn't show error when running it from the asa. but when testing it from outside it doesn't work. that ip is a static public ip available from the outside router and is working fine with the old firewall (ver 7) any other ideas?
Note: if I do - nat (inside,outside) static 173.x.x.x service www www - it works, but I need this ip to be just for that internal server
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide