Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ASA 5505 Static NAT help

ASA 5505 Static NAT help 7 years 4 months ago #30435

  • Ledition
  • Ledition's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Hi everyone,

Your help will be greatly appreciated!

I am new to Cisco products and trying to configure a ASA5505 firewall.

I am trying to access a web server (ip: hosted on the inside network ( from the outside network ( I believe I have implemented the required ACL and Static NAT rule. But, I am unable to access the web server from outside.

Note: firewall licensing has DMZ restricted. I can access the outside network from inside.

Here is the firewall configuration:

ASA Version 8.0(4)
hostname ciscoasa
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address
interface Vlan12
no forward interface Vlan1
nameif management
security-level 100
ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 12
no ftp mode passive
access-list outside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (outside,inside) tcp www www netmask
access-group outside_access_in in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp

Thank you!
The administrator has disabled public write access.

Got it working 7 years 4 months ago #30436

  • Ledition
  • Ledition's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Yay! I got it to work.

I had an incorrect implemention of Static NAT rule. Here is the correct rule that worked for me:

static (inside,outside) tcp interface www www netmask

The administrator has disabled public write access.
Time to create page: 0.078 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup