How do I configure NAT/ACL on Cisco ASA 5510?

I'm currently playing around with a Cisco ASA 5510 and the device keeps dropping packets I'm trying to pass on to another router. I've attached a basic image of the network and as you can see it is fairly straightforward.

All I'm trying to do is allow HTTP/HTTPS traffic from the 'external' network ( through to the internal network ( and vice versa. The static route has been entered (145 traffic to be sent to From the internal network I can access the device so I know it can talk to it OK, but as soon as I try to use the packet trace app on ASDM it drops all the time due to ACLs, so I can't hit the 145 network.

I'll probably need to post the config but I was hoping someone might be able to put together the CLI bits I need so I can go through and understand what I've missed.
MikeKane Commented:
There is a feature in ASA to permit traffic to flow on interfaces with the same security level: Look at the bottom of that page for the commands.

Kind of defeats the purpose of having a firewall here... A router would probably be a better choice unless there are interfaces that you haven't diagrammed....
The code would help. But basically, to allow traffic from a lower security interface (the outside) to the higher security interface (the inside), you need to create a static map for 1 internal IP mapped to either an external IP or by using a port forward on the firewall's interface. Once the internal machine is mapped to an external IP, you must create the ACL to allow specific traffic onto the static map.

Have a look here:

That is an explanation using a DMZ, but the process is exactly the same for the inside network.  

v0r73x (Author) Commented:
What I'm hoping to achieve is any network user in 192 to access the 145 network. So I didn't think the Static NAT would work for this?

At present a NAT Exempt rule exists for 192 to 10 and I can access the 10 network. Unfortunately I can't get out to 145 from 192 yet.

It's probably just me confusing myself, I'll tidy up the config and post shortly.
Actually, as I re-read your post just now... If the 192 network is on a higher security interface (inside) and 145 is on a lower interface (outside), then a simple NAT rule would work just fine. It's only if you want 145 traffic to freely visit 192 that the problem would arise.

Here is the NAT example.
v0r73x (Author) Commented:
As it's connecting to another trusted network it was just adding it to the same security level and allowing same security communication. Many thanks.
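
The same-security approach settled on in this thread, sketched as an added example that is not the poster's configuration: both interfaces sit at the same security level, inter-interface traffic is enabled, and an inbound ACL on the second interface limits what the other network can reach to HTTP/HTTPS. It assumes pre-8.3 ASA NAT syntax; the interface name `partner`, the ACL names, and the documentation-range addresses (192.0.2.0/24 standing in for the "192" network, 198.51.100.0/24 for the "145" network) are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet0/2
 nameif partner
 security-level 100
 ip address 198.51.100.1 255.255.255.0
!
! By default the ASA drops traffic between interfaces of equal security level.
same-security-traffic permit inter-interface
!
! If dynamic NAT is configured on inside, traffic to the other network must
! match a NAT rule; extend the existing NAT exemption to cover it
! (assumption: pre-8.3 "nat 0" syntax).
access-list inside_nat0 extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
nat (inside) 0 access-list inside_nat0
!
! Limit what the other network may open toward inside to HTTP/HTTPS.
! Everything else arriving on this interface hits the implicit deny.
access-list partner_in extended permit tcp 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 eq www
access-list partner_in extended permit tcp 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 eq https
access-group partner_in in interface partner
!
! Check each direction from the CLI (same engine as the ASDM packet tracer):
! packet-tracer input inside tcp 192.0.2.10 12345 198.51.100.10 80
! packet-tracer input partner tcp 198.51.100.10 12345 192.0.2.10 443
```

The packet-tracer output names the phase that drops the packet (ACCESS-LIST, NAT, ROUTE-LOOKUP), which shows whether a remaining drop comes from the ACL, a missing NAT match, or the static route.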