[c-nsp] ASA PAT question

Mon Apr 23 11:39:50 EDT 2012

Hi Nick,
Here is relevant bits of my configuration

Objects:
object network obj-10.1.1.197
 host 10.1.1.197
object network obj-10.1.1.197-02
 host 10.1.1.197
object network obj-10.1.1.197-03
 host 10.1.1.197
object network obj-10.0.0.0-01
object network obj-10.1.1.197-01
 host 10.1.1.197
object network obj-10.1.1.0
 subnet 10.1.1.0 255.255.255.0
object-group network MESSAGELABS
 network-object object obj-117.120.16.0
 network-object object obj-193.109.254.0
 network-object object obj-194.106.220.0
 network-object object obj-195.245.230.0
 network-object object obj-216.82.240.0
 network-object object obj-62.231.131.0
 network-object object obj-85.158.136.0
 network-object object obj-95.131.104.0

Access Lists:

access-list INSIDE-IN extended permit tcp object obj-10.1.1.197 any eq smtp
access-list OUTSIDE-IN extended permit tcp object-group MESSAGELABS object
obj-10.1.1.197 eq smtp

NAT rules:

nat (INSIDE,OUTSIDE) source static any any destination static
NETWORK_OBJ_10.11.1.0_26 NETWORK_OBJ_10.11.1.0_26 no-proxy-arp route-lookup
!
object network obj-10.1.1.191
 nat (INSIDE,OUTSIDE) static obj-2xx.35.1xx.225
object network obj-10.1.1.193
 nat (INSIDE,OUTSIDE) static obj-2xx.35.1xx.228
object network obj-10.1.1.167
 nat (INSIDE,OUTSIDE) static obj-2xx.35.1xx.227
object network obj-10.1.1.224-03
 nat (INSIDE,OUTSIDE) static interface service tcp ftp ftp
object network obj-10.1.1.224-04
 nat (INSIDE,OUTSIDE) static interface service tcp ftp-data ftp-data
object network obj-10.100.1.245
 nat (INSIDE,OUTSIDE) static obj-2xx.35.1xx.230
object network obj-10.1.1.159
 nat (INSIDE,OUTSIDE) static obj-2xx.44.2xx.249
object network obj-10.1.1.220
 nat (INSIDE,OUTSIDE) static obj-203.35.115.226
object network obj-10.1.1.156
 nat (INSIDE,OUTSIDE) static obj-203.35.115.229
object network obj-10.1.1.197-02
 nat (INSIDE,OUTSIDE) static interface service tcp https https
object network obj-10.1.1.197-01
 nat (INSIDE,OUTSIDE) static interface service tcp smtp smtp
object network obj-10.1.1.0
 nat (INSIDE,OUTSIDE) dynamic interface

On Mon, Apr 23, 2012 at 11:13 PM, Nick Hilliard <nick at foobar.org> wrote:

> On 23/04/2012 15:54, Hemal Shah wrote:
> > Has anybody come across similar problem?
>
> yes, several times - usually it's the result of misconfiguration, but there
> were a bunch of bugs in 8.3 relating to this, which were mostly or wholly
> solved by 8.4(2).  Can you post the relevant bits of your configuration?
>
> Nick
>
>