NAT for multiple private subnets

Sep 17th, 2007
I have an ASA5510 for internet access. On the private side, it is on the same LAN as a 2800 series router with multiple GE interfaces, running two subnets. I want to NAT both the subnets from the 2800 series to the ASA5510 using a single dynamic NAT pool.

I can configure one or the other on the ASA, but not both it seems.

Error is "portmap translation creation failed" for either subnet.

Jon Marshall Mon, 09/17/2007 - 09:23
So does your config look something like this?

ciscoasa(config)# sh running-config nat

nat (inside) 1

nat (inside) 1

ciscoasa(config)# sh run

ciscoasa(config)# sh running-config global

global (outside) 1 netmask


dhawthrone Tue, 09/18/2007 - 04:07
Here is what it looks like (IP addresses omitted)

ASA5510Primary# sho running-config nat

nat (INSIDE) 0 access-list INSIDE_nat0_outbound

nat (INSIDE) 15

nat (INSIDE) 15

nat (DMZ01) 20

ASA5510Primary# sho running-config global

global (OUTSIDE) 15 X.X.X.X-X.X.X.X netmask 255.255.255.X

global (OUTSIDE) 30 X.X.X.X-X.X.X.X netmask

global (OUTSIDE) 10 interface

global (OUTSIDE) 20 X.X.X.X netmask 255.255.255.X

When I add nat (INSIDE) 15 I start receiving the portmap translation creation failed errors.

It works fine if only one of the nat (INSIDE) statements is present though.


