Solved

Cisco Firewall NAT Question

Posted on 2013-05-10
Last Modified: 2013-06-18
Hi all,

Please help me with this puzzle.
I have this server in the DMZ zone which is NAT'd to the public address. After I put in the static NAT, it cannot ping the internet, whereas I can ping this public address from outside.

I have about 10 servers with the same settings that are being NAT'd the same way to the public IP address, and they are working perfectly.
I have no idea why this problem is occurring with this server. Am I missing something here?

Please help.....

name 10.10.100.151 fisheye_private
name 207.***.255.119 fisheye_public
access-list from-outside-inbound extended permit tcp any host fisheye_public eq www
static (dmz,outside) fisheye_public fisheye_private netmask 255.255.255.255


Thanks
Jas
0
Question by:jasmanes
12 Comments
 
LVL 11

Expert Comment

by:naderz
ID: 39156225
Do you have an ACL for the DMZ interface to allow the traffic from the server into the DMZ interface?
0
 

Author Comment

by:jasmanes
ID: 39156246
Yes, I do have the ACL.

This server falls under the 10.10.100.* subnet and there are about 10-15 servers that have similar config lines. They are working perfectly.

This is a RHEL box with the 10.10.100.151 IP, and if I give the same IP to another DMZ server box, then that server can ping outside...
0
 
LVL 11

Expert Comment

by:naderz
ID: 39156264
How about within the server itself? Can the server ping other servers on its network? Can it ping its default gateway?
0
 

Author Comment

by:jasmanes
ID: 39156292
Yes, this server can ping the entire internal network and its gateway. That's why I cannot blame the server here.

If I remove the NAT line, then it can ping outside as well :(
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 39156411
What version of OS is the ASA running? If it is 8.3 or beyond, the outside ACL needs to reference the real IP addresses, not the public IP which gets NAT'd.
0
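The version rule in the comment above, as an added example that is not part of the thread: a small Python check over pre-8.3 `name`/`static`/`access-list` lines that reports ACL entries naming the address a given ASA version would not match. The function names are hypothetical, 203.0.113.119 is a constructed placeholder for the masked public IP, and the check assumes simple `host` entries in an ACL applied inbound on the mapped interface.

```python
import re

# Constructed sample in the pre-8.3 syntax the question uses. 203.0.113.119 is a
# documentation address standing in for the masked public IP (assumption).
SAMPLE_CONFIG = """\
name 10.10.100.151 fisheye_private
name 203.0.113.119 fisheye_public
access-list from-outside-inbound extended permit tcp any host fisheye_public eq www
static (dmz,outside) fisheye_public fisheye_private netmask 255.255.255.255
"""

def parse(config):
    """Collect name aliases, static NAT pairs and ACL destination hosts."""
    names, statics, acl_hosts = {}, [], []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                    # alias -> IP
        elif len(tok) >= 4 and tok[0] == "static":
            statics.append((tok[2], tok[3]))          # (mapped, real)
        elif len(tok) > 2 and tok[0] == "access-list" and "host" in tok[:-1]:
            # Simplification: treat the last "host X" as the destination.
            i = max(n for n, t in enumerate(tok[:-1]) if t == "host")
            acl_hosts.append((tok[1], tok[i + 1]))
    return names, statics, acl_hosts

def version_tuple(version):
    """'8.2' -> (8, 2); '8.4(2)' -> (8, 4)."""
    return tuple(int(x) for x in re.findall(r"\d+", version)[:2])

def check_acl(config, asa_version):
    """Report ACL entries that name the wrong side of a static NAT."""
    names, statics, acl_hosts = parse(config)
    resolve = lambda x: names.get(x, x)
    use_real = version_tuple(asa_version) >= (8, 3)   # 8.3+: ACL sees the real IP
    findings = []
    for mapped, real in statics:
        mapped_ip, real_ip = resolve(mapped), resolve(real)
        want, wrong = (real_ip, mapped_ip) if use_real else (mapped_ip, real_ip)
        for acl, host in acl_hosts:
            if resolve(host) == wrong:
                findings.append(f"{acl}: references {wrong}, "
                                f"ASA {asa_version} expects {want}")
    return findings

if __name__ == "__main__":
    for version in ("8.2", "8.3"):
        print(version, check_acl(SAMPLE_CONFIG, version) or "OK")
```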
 

Author Comment

by:jasmanes
ID: 39156442
I didn't get this.
10.10.100.151: this is my server IP
207.***.255.119: this is one from our pool that I fill in at our public DNS provider

Can you please write the ACL here as well?

Thanks
Jas
0
 
LVL 11

Expert Comment

by:naderz
ID: 39156528
How are you doing NAT and ACLs for the other servers that are working?
0
 

Author Comment

by:jasmanes
ID: 39156896
Ahhh..

I am not sure, but I guess I found the solution. I was able to shut down one of the DMZ servers which was NAT'd. I didn't touch the public DNS part for this server, but I gave its internal IP address to the server in question, which was already NAT'd to the outside.

The difference now is that the public DNS name is different from the internal server name.

Maybe this was the problem? Previously the public DNS name was exactly the same as the internal one. For example:
name 10.10.100.151 fisheye_private                        abc.example.net
name 207.***.255.119 fisheye_public                      abc.example.net

Which now is

name 10.10.100.151 fisheye_private                        abc.example.net
name 207.***.255.119 fisheye_public                      xyz.example.net

Was this the problem, do you think?
0
 
LVL 11

Expert Comment

by:naderz
ID: 39156942
You can verify that by testing using the IP address instead of the name.
0
 

Author Comment

by:jasmanes
ID: 39156960
Yes, it's working both ways.

I have an ASA 5520 on 8.2. Maybe I need to restart it if the same name is not the issue.
0
 
LVL 11

Accepted Solution

by:
naderz earned 2000 total points
ID: 39157124
Interesting, let's list what you have done and what works and what doesn't.
0
 

Author Closing Comment

by:jasmanes
ID: 39257334
ss
0
