06-02-2016 01:15 PM - edited 03-12-2019 12:50 AM
I have 2 devices on my LAN that need to communicate with a vendor network. Originally each device had a dedicated public IP address, but we are wanting to change that to use just a single public IP. I am working with an ASA 5555X running version 9.4(2)11. Looking at the configuration guide I should just need to configure static NAT with port translation, but I am unable to get it to work with this method. Below is my config:
object network Vendor_Device1
 host 10.x.x.x
 nat (inside,outside) static 'outsideIP' service tcp 3001 3001
object network Vendor_Device2
 host 10.x.x.x
 nat (inside,outside) static 'outsideIP' service tcp 3002 3002
I am using the same outside IP address for each device and the vendor is using the specified ports to communicate with each device from the outside. That is how it is supposed to work anyway; it currently is not working. I imagine it is something simple I am overlooking but I have not been able to identify that something as of yet. Any help is greatly appreciated.
06-02-2016 04:41 PM
That configuration is correct. Have you removed the original 1:1 NATs?
Have you got access-lists allowing traffic to the 10.x.x.x hosts?
Perhaps try a "clear xlate" after making the NAT changes.
06-15-2016 09:31 AM
Issue was related to a missing ACL.
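The missing piece named in the thread, as an added example that is not from the original posts: on ASA 8.3 and later the interface ACL matches the real (inside) address of the host, not the mapped outside IP, so the permits reference the network objects directly. The ACL name OUTSIDE_IN and the 'vendorNet', 'vendorMask' and 'vendorHost' placeholders are assumptions; 'outsideIP' and 10.x.x.x are left elided as in the post.

```text
! Added example. OUTSIDE_IN, 'vendorNet', 'vendorMask' and 'vendorHost'
! are assumed placeholders, not values from the thread.
!
! Static PAT from the original post (unchanged)
object network Vendor_Device1
 host 10.x.x.x
 nat (inside,outside) static 'outsideIP' service tcp 3001 3001
object network Vendor_Device2
 host 10.x.x.x
 nat (inside,outside) static 'outsideIP' service tcp 3002 3002
!
! Permit only the vendor's source network, and only to each device's
! real address on its own port (a source of "any" would expose both
! devices to the whole Internet).
access-list OUTSIDE_IN extended permit tcp 'vendorNet' 'vendorMask' object Vendor_Device1 eq 3001
access-list OUTSIDE_IN extended permit tcp 'vendorNet' 'vendorMask' object Vendor_Device2 eq 3002
!
! Only one ACL can be bound per interface and direction. If the outside
! interface already has an inbound ACL, add the two permit lines to that
! ACL instead of issuing this access-group command.
access-group OUTSIDE_IN in interface outside
!
! Verify: flush stale translations left over from the old 1:1 NATs, then
! trace a vendor packet through the un-NAT and ACL phases.
clear xlate
show nat detail
packet-tracer input outside tcp 'vendorHost' 1025 'outsideIP' 3001
```

In the packet-tracer output, the UN-NAT phase should show the destination rewritten to the 10.x.x.x host and the ACCESS-LIST phase should show ALLOW; a DROP there with an implicit rule points to the missing permit.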