
Cisco ASA 5505 IOS 9.2(1), ASDM 7.3(2) NAT issues

metafiend
Level 1

Hey all,

I am really new to Cisco and am trying to get this Cisco ASA 5505 that I bought recently configured properly.

Things I have successfully been able to do:

1. Configure static WAN IP on WAN port e0/0 (I have a /29 block of addresses)

2. Create static routes to point to all of my VLANs that are currently being routed through my layer 3 SG-300

3. Install and run ASDM 7.3(2)

4. Went through the start-up wizard and configured all of my WAN and LAN settings (I have a WAN block of /29 addresses. So I configured my device with NAT and put in the range the first usable IP address outside of the one I configured for the direct connected WAN port from my modem. Example: 10.24.56.99-102 where .98 is already configured as the direct connect from modem to ASA 5505 and .97 is the gateway of my ISP modem.)

The struggle that I am running into today is with NAT rules from outside to inside. I currently have an Exchange server behind this device but I am unable to get ports forwarded to it. I followed this tutorial about Static NAT, however there is still no joy. 

http://www.networkworld.com/article/2162844/tech-primers/how-to-configure-static-nat-on-a-cisco-asa-security-appliance.html

Attached is a copy of my running-config and version. Any help with this would be greatly appreciated. 

 

2 Replies

Marvin Rhoads
Hall of Fame

Your Ethernet0/1 is a trunk with multiple VLANs allowed but you do not have corresponding VLAN interfaces for SVIs in each of the associated subnets. If, as your routing setup indicates, you will be going via your internal gateway at 10.10.1.1 to reach the internal subnets then Eth0/1 should just be an access port.

So your Exchange server in the 10.10.12.0/24 subnet will talk via the internal gateway (10.10.12.1?) and thus on to the ASA inside interface at 10.10.1.2.

I assume your "public" IPs have been changed to anonymize the output. If those are your actual addresses (10.24.56.x) then there must be additional NAT taking place upstream - that would all need to be set up properly as well.

Thank you for the response.

I have randomized those IPs for obvious reasons. It was merely a way to show my config with IPs in use. As far as the trunk port, I did realize this was incorrect, and in fact, have decided to do a complete wipe and configure everything from the CLI instead of using some CLI and some ASDM. As I am finding I actually don't need to do anything with e0/1 at all. I am finding that if I simply add the static routes for my internal VLANs and set my L3 switch as the gateway they all route properly.

I will let you know how it goes.
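A CLI sketch of the setup discussed in this thread, added here as an example and not taken from the poster's attached running-config: Eth0/1 as an access port, the Exchange subnet routed via 10.10.1.1, and ASA 8.3+ object NAT with a matching outside ACL. The Exchange host address 10.10.12.10, the object and ACL names, the published ports (SMTP and HTTPS), the inside VLAN number and the test source 203.0.113.5 are assumptions; 10.24.56.99 is the anonymized address from the post.

```cisco
! Added example. Interface names "inside"/"outside" and VLAN 1 are assumed.
interface Ethernet0/1
 switchport mode access
 switchport access vlan 1
!
! Reach the Exchange subnet through the internal L3 gateway
route inside 10.10.12.0 255.255.255.0 10.10.1.1
!
! Object NAT allows one nat statement per object, so one object per port.
! 10.10.12.10 is a hypothetical Exchange server address.
object network EXCH-SMTP
 host 10.10.12.10
 nat (inside,outside) static 10.24.56.99 service tcp smtp smtp
object network EXCH-HTTPS
 host 10.10.12.10
 nat (inside,outside) static 10.24.56.99 service tcp https https
!
! From 8.3 onward the interface ACL matches the REAL (inside) address,
! not the mapped public one. Permit only the published ports.
access-list OUTSIDE-IN extended permit tcp any host 10.10.12.10 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 10.10.12.10 eq https
access-group OUTSIDE-IN in interface outside
!
! Verification (exec mode): simulate an inbound SMTP connection to the
! mapped address and confirm the UN-NAT, ACL and route phases all pass.
! 203.0.113.5 is a documentation address used as a constructed source.
packet-tracer input outside tcp 203.0.113.5 12345 10.24.56.99 smtp
show nat detail
show xlate
```

If `packet-tracer` reports a drop in the ACL phase, check that the access-list references the real host address; a drop in the route phase points at the missing static route to 10.10.12.0/24.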