NAT for multiple private subnets

Unanswered Question
Sep 17th, 2007
User Badges:

I have an ASA5510 for internet access. On the private side, it is on the same LAN as a 2800 series router with multiple GE interfaces, running two subnets. I want to NAT both the subnets from the 2800 series to the ASA5510 using a single dynamic NAT pool.

I can configure one or the other on the the ASA, but not both it seems.

Error is "portmap translation creation failed" for either subnet.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Mon, 09/17/2007 - 09:23
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


So does your config look something like this ?

ciscoasa(config)# sh running-config nat

nat (inside) 1

nat (inside) 1

ciscoasa(config)# sh run

ciscoasa(config)# sh running-config global

global (outside) 1 netmask


dhawthrone Tue, 09/18/2007 - 04:07
User Badges:

Here is what it looks like (IP addresses omitted)

ASA5510Primary# sho running-config nat

nat (INSIDE) 0 access-list INSIDE_nat0_outbound

nat (INSIDE) 15

nat (INSIDE) 15

nat (DMZ01) 20

ASA5510Primary# sho running-config global

global (OUTSIDE) 15 X.X.X.X-X.X.X.X netmask 255.255.255.X

global (OUTSIDE) 30 X.X.X.X-X.X.X.X netmask

global (OUTSIDE) 10 interface

global (OUTSIDE) 20 X.X.X.X netmask 255.255.255.X

When I add nat (INSIDE) 15 I start receiving the portmap translation creation failed errors.

It works fine if only one of the nat (INSIDE) statements is present though.


This Discussion