Cisco ASA Static (One to One) NAT Translation
KB ID 0000691 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. If you have a spare/available public IP address you can statically map that IP address to one of your network hosts (i.e. for a mail server, or a web server, that needs public access). This is commonly referred to as a ‘Static NAT’, or a ‘One to One translation’. Where all traffic destined for public...
Packet-Tracer Fails Subtype: rpf-check Result: DROP
KB ID 000904 Problem I love packet-tracer, I use it a lot, especially when I’ve been told that the firewall I’ve installed is stopping a particular port. I had set up a simple port forward the other day, and when I went to check it with packet-tracer this happened. Petes-ASA# packet-tracer input outside tcp 123.123.123.123 443 192.168.1.10 443 <——-Output removed——–> Phase: 7 Type: NAT...
Cisco ASA 5500 – Adding New ‘Different Range’ Public IP Addresses
KB ID 0001006 Problem I got an email at work yesterday; “Hello Pete, I have asked our ISP to give us two additional real IP addresses so that we can progress the following two projects: Microsoft DirectAccess; Publishing documents to a web server from our internal DMS. {ISP Name} have come back and said that they don’t have the next available numbers in our current IP address range, but they do have two other numbers we could...