On Thu, 2012-11-22 at 11:24 -0800, Md. Jahangir Hossain wrote: > My Mail server ip address 192.168.100.10 which static nat with > 119.x.x.85. But I can access internet from one of workstation which ip > is 192.168.100.50 which static nat with 119.x.x.83. Need your > suggestion for resolved this issue.
If 192.168.100.10 isn't a typo then the reason is probably that there's no valid translation for the address. You have the following NAT statements: > static (dmz,outside) 119.x.x.83 192.168.100.100 netmask 255.255.255.255 > static (dmz,outside) 119.x.x.85 192.168.100.50 netmask 255.255.255.255 ... > nat (inside) 1 192.168.0.0 255.255.248.0 > global (outside) 1 interface None of these cover 192.168.100.10 on the "dmz" interface. It could be a typo of course; you mention 192.168.100.50 is 119.x.x.83, but according to your configuration it's actually 119.x.x.85. You can always take a look at what the ASA logs. You might see some lines of "%ASA-3-305006" meaning that you don't have a valid translation. Try enabling monitor logging at informational level, monitor from the VTY and test again: logging monitor informational terminal monitor <test from server> Beware that this dumps a lot of text in your terminal of you have even just moderate activity. (And you formatting leaves something to be desired! :-)) -- Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
