
Having a LOT of trouble with getting NAT through. This is

Customer Question

Having a LOT of trouble with getting NAT through. This is with a Cisco ASA 5510 on 8.2(5) - don't ask - can't upgrade firmware.
Example: Interface E0/0 has IP address, Public. LAN on E0/2. VPN device (for different tunneling application) on E0/3 with a GW address of - the device is on
I can ping from the ASA. cannot get out to the internet. I cannot seem to create a static nat rule that will pass port 4000 on to port 22 on
Any ideas ?
Submitted: 6 months ago.
Category: Networking
Expert:  Brent Woolverton replied 6 months ago.
Hello, Can you please paste the running-config so I can see what your settings are exactly. Please make sure to star out any passwords or encrypted passwords in the running-config.
Customer: replied 6 months ago.
Config file attached. Thanks...
Customer: replied 6 months ago.
btw... having TWO problems here.... (host inside e0/3) needs to get out to the internet. and, the manager of that host needs to ssh to port 4000 on and get to port 22....Sorry for not making that clear.
Expert:  Brent Woolverton replied 6 months ago.
Hello, Sorry about the delay. We will take your issue one step at a time. The most important is providing your network on the aryaka interface accessing the internet. From the looks of it, your ACLs are giving you the issue. Let us just take one precautionary test prior to changing any configuration to your access control lists though. Go into your config and enter the policy-map global_policy, then class inspection_default. Add an 'inspect icmp' to the list, write mem then try to ping from your device. If that fails, my suspicions are most likely correct.

As a personal bit of advice, it is not good practice to name your ACLs the same as your interface. I have noticed issues with using the same namespace. Try the following access control to see if we can get your aryaka interface some internet life. This ACL will allow your users on the network to use any protocol heading outwards.

    access-list inet permit ip any
    access-group inet in interface aryaka
    nat (aryaka) 1

Let me know if this resolves the issues. Do not forget, the logging command is your best friend. Set the following in config mode:

    logging enable
    logging buffered informational

Use the 'show logging' command in the cli to see what occurs at the time when you attempt to reach the internet. If the issue still continues, please submit the syslog here so I can attempt to debug it. Once we have this fixed, we will work on your PAT issue.
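
An added example (not part of the original thread or the expert's reply): a short Python script that sorts 'show logging' output by ASA message ID, to tell an access-list drop from a missing NAT rule on one interface. The sample log lines are constructed, the addresses are documentation ranges, and the names triage and verdict are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of buffered syslog output; not taken from the customer's device.
SAMPLE = """\
%ASA-4-106023: Deny tcp src aryaka:192.0.2.10/51000 dst outside:203.0.113.5/443 by access-group "aryaka" [0x0, 0x0]
%ASA-4-106023: Deny udp src aryaka:192.0.2.10/51001 dst outside:203.0.113.53/53 by access-group "aryaka" [0x0, 0x0]
%ASA-3-305005: No translation group found for tcp src aryaka:192.0.2.10/51002 dst outside:203.0.113.5/443
%ASA-6-302013: Built outbound TCP connection 77 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.200/51003 (198.51.100.2/51003)
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")

# ASA message IDs mapped to the cause each one points at.
CAUSES = {
    "106023": "acl-deny",        # packet denied by an access-group
    "305005": "no-translation",  # no NAT rule matched the flow
    "302013": "built",           # TCP connection built
    "302015": "built",           # UDP connection built
}

def triage(log_text, ifname):
    """Count causes for messages that name ifname as a source or destination interface."""
    seen = Counter()
    tag = re.compile(r"\b" + re.escape(ifname) + r":")
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or not tag.search(m.group(2)):
            continue
        cause = CAUSES.get(m.group(1))
        if cause:
            seen[cause] += 1
    return seen

def verdict(seen):
    """Reduce the counts to one next step (the priority order is this example's choice)."""
    if seen["acl-deny"]:
        return "acl"      # review the access-list bound to the interface
    if seen["no-translation"]:
        return "nat"      # review the nat/global or static statements
    if seen["built"]:
        return "ok"       # connections are being built
    return "no-data"      # nothing logged for this interface

if __name__ == "__main__":
    counts = triage(SAMPLE, "aryaka")
    print(dict(counts), "->", verdict(counts))
```
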
Expert:  Brent Woolverton replied 6 months ago.
Hello, Do you still need assistance with this issue? Thanks, Brent
