Static Nat Issue on ASA 5505 since Migration to Asa 8.3

Home Forums Networking Cisco Security – PIX/ASA/VPN Static Nat Issue on ASA 5505 since Migration to Asa 8.3

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    psychoboust
    Member
    #153827

    Hi everyone,

    since the migration of my Cisco ASA 5505 from ASA 8.2 to ASA 8.3 I can’t use anymore my public IP adress in my DMZ.

    In ASA 8.2 I just use that command :

    static (inside-public,outside) 100.100.213.171 100.100.213.171 netmask 255.255.255.255

    and I was able to access internet from my server 100.100.213.171

    In ASA 8.3 the command is now :

    object network obj-100.100.213.171
    host 100.100.213.171
    nat (inside-public,outside) static 100.100.213.171

    but doing this I can’t access internet from this server.
    but If I do :

    object network obj-100.100.213.171
    host 100.100.213.171
    nat (inside-public,outside) static 100.100.213.172

    it works (but my server got 100.100.213.172 for the outside)

    So actually I changed all my DMZ ip range to 192.168.11.0 and make translation to the correct ip address and it works.

    object network obj-192.168.11.171
    host 192.168.11.171
    nat (inside-public,outside) static 100.100.213.171

    So my question is : why doesn’t it work anymore ?
    and am I wrong to put real ip public address in my DMZ ?

    Also one note (but I don’t know if we care) : the Cisco outside IP address is not the same range that my other Public IP, it’s : 100.100.214.166/30
    And my 8 public IP Range : 100.100.213.168/29

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.