Need Help Configuring Static NAT and Access List

I am trying to learn how to configure an ASA5505. I have written one access-list and one static NAT statement but I cannot get packets from outside to the host on the dmz.

The ip address on the outside interface is The ip address on the dmz interface is

To test I have one host, connected to the outside interface and a second host, connected to the dmz interface. I am running a utility called Attacker on the host in the dmz that is listening on port 110. To test I just telnet from the outside host to port 110 on the host in the dmz. So far I have been unsuccessful.

Here are my access-list and its grouping to the outside interface and my static NAT statement Am I missing something? Do I have to add to the outside interface as a virtual ip address like some firewalls or does the static nat accomplish this?

access-list OutsideToDmz extended permit tcp any host eq pop3

access-group OutsideToDmz in interface outside

static (outside,dmz) netmask

Any suggestions will be greatly appreciated.


Reply to
Loading thread data ...

I think it is static(dmz,outside) 192.168,20.134 netmask
Reply to

Actually it's

static (dmz,outside) netmask

static (real,fake) fake real netmask

Reply to

Thanks. That finally worked. Jeeesh! These docs are difficult to interpret. They seem to always use weird examples rather than straight forward basic ones.

Reply to
tman Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.