ASA 5505 / 5510 different Static command (NAT/PAT)

Discussion in 'Cisco' started by googlegroups, Aug 10, 2007.

  1. googlegroups

    googlegroups Guest

    Hi Cisco Freaks

    I have a problem/question:

    I have an ASA5510 and an ASA5505 and I want to migrate from the 5510 to
    the 5505. I am trying to open the FTP port from outside to inside. It's
    very simple, but the command

    access-list outside_access_in extended permit tcp any host 1.2.3.4 eq ftp
    static (inside,outside) tcp 1.2.3.4 192.168.8.88 netmask 255.255.255.255

    doesn't work. When I replace the static command with

    static (inside,outside) tcp 1.2.3.4 ftp 192.168.8.88 ftp netmask 255.255.255.255

    the ASA passes the FTP traffic. The other difference, for sure, is the
    VLANs on the ASA5505.



    On the 5505:

    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.8.1 255.255.255.0

    interface Vlan2
    nameif outside
    security-level 0
    ip address 1.2.3.1 255.255.255.128

    interface Ethernet0/0
    switchport access vlan 2


    On the 5510:

    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 1.2.3.1 255.255.255.128

    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.8.1 255.255.255.0


    I don't understand why it does not work. On a cheap PIX 501 it was also no
    problem, so why on an ASA5505?
    Okay, I can add a static PAT for every port, but the PAT in the static
    command doesn't accept service groups, so it's much more work to define
    the rules.

    Any idea why?


    cu ivo
     
    googlegroups, Aug 10, 2007
    #1

  2. googlegroups

    googlegroups Guest

    Ah, I use ASA Version 8.0(2)
     
    googlegroups, Aug 10, 2007
    #2

  3. googlegroups

    googlegroups Guest

    I found the problem: without the "TCP" in the static command, it
    works :)


    cu ivo
     
    googlegroups, Aug 10, 2007
    #3
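
The statements from posts #1 and #3, run through a small checker (an added example, not code from the thread): it separates the pre-8.3 static NAT form from the static PAT form, flags a tcp/udp statement that lacks the port pair, and for one-to-one NAT lists what the access-list permits to the mapped address, since with that form the ACL alone limits which ports are reachable. The function names, the sample ACL and the object-group name PUBLISHED_TCP are assumptions, and netmask is the only option handled.

```python
import re

# Pre-8.3 ASA/PIX forms used in this thread (options other than netmask not handled):
#   NAT: static (real_if,mapped_if) mapped_ip real_ip [netmask mask]
#   PAT: static (real_if,mapped_if) {tcp|udp} mapped_ip mapped_port real_ip real_port [netmask mask]
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (.+)$")
ACL_RE = re.compile(r"^access-list \S+ extended permit (\S+) any host (\S+)"
                    r"(?: (eq \S+|object-group \S+))?$")

def classify_static(line):
    """Return (kind, detail); kind is 'nat', 'pat' or 'malformed'."""
    m = STATIC_RE.match(" ".join(line.split()))  # also rejoins wrapped lines
    if not m:
        return ("malformed", "not a static statement")
    args = m.group(1).split()
    if "netmask" in args:
        args = args[:args.index("netmask")]
    if args and args[0] in ("tcp", "udp"):
        if len(args) != 5:
            return ("malformed", "PAT form needs mapped_ip mapped_port real_ip real_port")
        return ("pat", {"proto": args[0], "mapped": (args[1], args[2]), "real": (args[3], args[4])})
    if len(args) != 2:
        return ("malformed", "NAT form needs mapped_ip real_ip")
    return ("nat", {"mapped": args[0], "real": args[1]})

def permitted_to(config, mapped_ip):
    """(protocol, port spec) pairs that 'permit ... any host mapped_ip' lines allow."""
    hits = []
    for line in config.splitlines():
        m = ACL_RE.match(" ".join(line.split()))
        if m and m.group(2) == mapped_ip:
            hits.append((m.group(1), m.group(3) or "all ports"))
    return hits

# Constructed sample built from the statements quoted in the thread; the
# object-group name PUBLISHED_TCP is hypothetical.
SAMPLE = """\
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq ftp
access-list outside_access_in extended permit tcp any host 1.2.3.4 object-group PUBLISHED_TCP
"""
FAILING = "static (inside,outside) tcp 1.2.3.4 192.168.8.88 netmask 255.255.255.255"
PAT = "static (inside,outside) tcp 1.2.3.4 ftp 192.168.8.88 ftp netmask 255.255.255.255"
NAT = "static (inside,outside) 1.2.3.4 192.168.8.88 netmask 255.255.255.255"

if __name__ == "__main__":
    for stmt in (FAILING, PAT, NAT):
        kind, detail = classify_static(stmt)
        print(kind, detail)
        if kind == "nat":  # one-to-one NAT: the ACL alone decides what is reachable
            print("  ACL permits:", permitted_to(SAMPLE, detail["mapped"]))
```
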
  4. googlegroups

    icschorr Guest

    How?
     
    icschorr, Aug 10, 2007
    #4