Hi Jason,

We just recently got a Cisco ASA 5505 and I remember having a few joyous configuration opportunities with it. Could I ask you to post your running-config here please? (obviously mask / delete any public IP addresses, passwords, etc).

I'm sure it's likely a very small configuration error either with the NAT rules, the ACLs or maybe even somewhere else. A fresh pair of eyes can't hurt.

Regards,
Andrew

2009/12/21 Jason Morris <jmor...@mjmc.com>

> Yes I have verified it’s not a DNS problem.
>
> No I can’t ping/traceroute out when statically natted. But the second I remove the static nat rule, I can without having to clear xlate/local/arp.
>
> I have verified I’m using the correct public and private IP addresses. The static rule exactly matches all the other rules that work fine. :(
>
> *From:* Jeff Bunting [mailto:bunting.j...@gmail.com]
> *Sent:* Monday, December 21, 2009 1:20 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Cisco ASA and NAT
>
> Have you verified it isn't just a DNS problem? Can you ping/traceroute out when statically natted?
>
> On Mon, Dec 21, 2009 at 1:33 PM, Jason Morris <jmor...@mjmc.com> wrote:
>
> > I’ve been working this problem for the past week or so and nothing I do resolves the issue. Hopefully someone here has run across it.
> >
> > We’re running a Cisco ASA for a firewall. On DMZ1 we have a bunch of servers. A bunch of those servers have static nat translations to public IP addresses. Then we have access-lists controlling what ports are open on each of the static addresses. IE: web/pop/smtp. I have a global rule set on DMZ1 stating if something doesn’t have a static translation, give it the address of the external interface.
> >
> > I have a new mail server we’ve been running in the DMZ for awhile. It works fine without a static NAT translation on it…minus the fact I can’t connect to OWA. As soon as I add a static translation to it, it stops browsing the Internet and the queues sending out stop.
> >
> > My static looks like this:
> >
> > Static (DMZ1,OUTSIDE) 1.1.1.1 10.0.0.1 netmask 255.255.255.255
> >
> > I’ve cleared the xlate table and local tables hoping it was just an ARP issue. I’ve rebooted the ASA with the static command active so it would take it on reboot and still no luck.
> >
> > The server is 2008 Enterprise with multiple interfaces and I’m stuck. :( I have verified the routing table is ok to send all traffic destined for 0.0.0.0 to the proper ASA gateway.
> >
> > ------------------------------------------
> > Jason Morris
> > MJMC, Inc.
> > P: 708-225-2350
> > F: 708-943-9015
> >
> > ------------------------------------------
> > The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document.

--
Kind regards,
Andrew Levicki
MCITP MCSE CCNA
and...@levicki.me.uk
www.andrewlevicki.eu