Hi,

I have an ASA with three interfaces: inside, outside and otherlan. On altralan there's an EhternetDevice that must be reached from inside, but not from outside.

The relevant part of configuration is:

name A.B.C.D EthernetDevice

!

interface Vlan1

nameif inside

security-level 100

ip address X.Y.Z.T 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address IP-PUBBLICO NETMASK

!

interface Vlan3

nameif otherlan

security-level 50

ip address A.B.C.E 255.255.255.0

!

interface Ethernet0/0

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

switchport access vlan 3

!

[...]

access-list otherlan_access_in extended permit ip host EthernetDevice X.Y.Z.0 255.255.255.0

access-list inside_access_list extended permit ip X.Y.Z.0 255.255.255.0 host EthernetDevice

global (outside) 1 interface

global (otherlan) 2 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,otherlan) EthernetDevice EthernetDevice netmask 255.255.255.255

access-group inside_access_in in interface inside

access-group otherlan_access_in in interface otherlan

route outside 0.0.0.0 0.0.0.0 X.Y.Z.T 1

EthernetDevice has an embedded HTTP server, which is working, i.e. from a pc on otherlan it's reachable, and it has A.B.C.E as default gateway.

The problem is that I can't reach it from a pc on inside lan, and on ASA log I have the following error:

portmap translation creation failed for tcp src inside:X.Y.Z.P/2461 dst altralan:EthernetDevice/80

I've also tried to use:

global (otherlan) 2 X.Y.Z.4-X.Y.Z.10 netmask 255.255.255.0

and try to reach from a PC whose IP is in the pool, but no luck too.

What is wrong / haven't I understood ?

Thanks in advance

Ciao