Solved: Issue was related to a

josh.brimm · ‎06-02-2016

I have 2 devices on my LAN that need to communicate with a vendor network. Originally each device had a dedicated public IP address, but we are wanting to change that to use just a single public IP. I am working with an ASA 5555X running version 9.4(2)11. Looking at the configuration guide I should just need to configure static NAT with port translation, but I am unable to get it to work with this method. Below is my config:

object network Vendor_Device1

host 10.x.x.x

nat (inside,outside) static 'outsideIP' service tcp 3001 3001

object network Vendor_Device2

host 10.x.x.x

nat (inside,outside) static 'outsideIP' service tcp 3002 3002

I am using the same outside IP address for each device and the vendor is using the specified ports to communicate with each device from the outside. That is how it is supposed to work anyway, it currently is not working. I imagine it is something simple I am overlooking but I have not been able to identify that something as of yet. Any help is greatly appreciated.

Philip D'Ath · ‎06-02-2016

That configuration is correct. We you removed the original 1:1 NAT's?

Have you got acces-lists allowing traffic tot he 10.x.x.x hosts?

Perhaps try a "clear xlate" after making the NAT changes.

View solution in original post

Philip D'Ath · ‎06-02-2016

That configuration is correct. We you removed the original 1:1 NAT's?

Have you got acces-lists allowing traffic tot he 10.x.x.x hosts?

Perhaps try a "clear xlate" after making the NAT changes.

josh.brimm · ‎06-15-2016

Issue was related to a missing ACL.

Static NAT with Port Translation