We help IT Professionals succeed at work.
Get Started
asa static nat
we are replacing our PIX with an ASA and im trying to get the NAT to work properly with little luck. below is the config for both my PIX first and ASA second. I can ping and connect to any of the addresses on the static nat list on the pix. when I set up a similar rule on the ASA I can not connect. I can ping the public IP on the interface but thats it. am I missing something? even when I set up the same rules on the ASA it didn't want to work.
static (inside,outside) xxx.xxx.219.124 10.10.4.124 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.244 10.10.4.104 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.125 10.10.4.25 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.252 10.10.4.1 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.250 10.10.10.29 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.251 10.10.10.216 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.254 10.10.10.81 netmask 255.255.255.255
nat (inside) 1 10.10.0.0 255.255.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 xxx.xxx.219.254 netmask 255.255.255.255
interface Ethernet0
nameif WAN
security-level 0
ip address xxx.xxx.219.210 255.255.255.0
--------------------------
global (outside) 1 xxx.xxx.219.151
nat (inside) 1 10.10.0.0 255.255.0.0
static (inside,outside) xxx.xxx.219.211 10.10.10.29 netmask 255.255.255.255
interface Ethernet0/1
description external
nameif outside
security-level 0
ip address xxx.xxx.219.150 255.255.255.0
static (inside,outside) xxx.xxx.219.124 10.10.4.124 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.244 10.10.4.104 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.125 10.10.4.25 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.252 10.10.4.1 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.250 10.10.10.29 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.251 10.10.10.216 netmask 255.255.255.255
static (inside,outside) xxx.xxx.219.254 10.10.10.81 netmask 255.255.255.255
nat (inside) 1 10.10.0.0 255.255.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 xxx.xxx.219.254 netmask 255.255.255.255
interface Ethernet0
nameif WAN
security-level 0
ip address xxx.xxx.219.210 255.255.255.0
--------------------------
global (outside) 1 xxx.xxx.219.151
nat (inside) 1 10.10.0.0 255.255.0.0
static (inside,outside) xxx.xxx.219.211 10.10.10.29 netmask 255.255.255.255
interface Ethernet0/1
description external
nameif outside
security-level 0
ip address xxx.xxx.219.150 255.255.255.0
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE