Need Help Configuring Static NAT and Access List

Discussion in 'Cisco' started by tman, Jun 18, 2008.

  1. tman

    tman Guest

    I am trying to learn how to configure an ASA5505. I have written one
    access-list and one static NAT statement but I cannot get packets from
    outside to the host on the dmz.

    The ip address on the outside interface is The ip
    address on the dmz interface is

    To test I have one host, connected to the outside
    interface and a second host, connected to the dmz
    interface. I am running a utility called Attacker on the host in the
    dmz that is listening on port 110. To test I just telnet from the
    outside host to port 110 on the host in the dmz. So far I have been

    Here are my access-list and its grouping to the outside interface and
    my static NAT statement Am I missing something? Do I have to add to the outside interface as a virtual ip address like some
    firewalls or does the static nat accomplish this?

    access-list OutsideToDmz extended permit tcp any host eq

    access-group OutsideToDmz in interface outside

    static (outside,dmz) netmask

    Any suggestions will be greatly appreciated.

    tman, Jun 18, 2008
    1. Advertisements

  2. tman

    jcle Guest

    I think it is static(dmz,outside) 192.168,20.134 netmask
    jcle, Jun 18, 2008
    1. Advertisements

  3. tman

    mcaissie Guest

    Actually it's

    static (dmz,outside) netmask

    static (real,fake) fake real netmask
    mcaissie, Jun 18, 2008
  4. tman

    tman Guest

    Thanks. That finally worked. Jeeesh! These docs are difficult to
    interpret. They seem to always use weird examples rather than
    straight forward basic ones.
    tman, Jun 18, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.