NAT for multiple private subnets

dhawthrone · ‎09-17-2007

I have an ASA5510 for internet access. On the private side, it is on the same LAN as a 2800 series router with multiple GE interfaces, running two subnets. I want to NAT both the subnets from the 2800 series to the ASA5510 using a single dynamic NAT pool.

I can configure one or the other on the the ASA, but not both it seems.

Error is "portmap translation creation failed" for either subnet.

Jon Marshall · ‎09-17-2007

Hi

So does your config look something like this ?

ciscoasa(config)# sh running-config nat

nat (inside) 1 192.168.5.0 255.255.255.0

nat (inside) 1 192.168.6.0 255.255.255.0

ciscoasa(config)# sh run

ciscoasa(config)# sh running-config global

global (outside) 1 172.16.5.1-172.16.5.254 netmask 255.255.255.0

Jon

dhawthrone · ‎09-18-2007

Here is what it looks like (IP addresses omitted)

ASA5510Primary# sho running-config nat

nat (INSIDE) 0 access-list INSIDE_nat0_outbound

nat (INSIDE) 15 10.100.1.0 255.255.255.0

nat (INSIDE) 15 172.16.1.0 255.255.255.0

nat (DMZ01) 20 10.100.2.0 255.255.255.0

ASA5510Primary# sho running-config global

global (OUTSIDE) 15 X.X.X.X-X.X.X.X netmask 255.255.255.X

global (OUTSIDE) 30 X.X.X.X-X.X.X.X netmask 255.0.0.0

global (OUTSIDE) 10 interface

global (OUTSIDE) 20 X.X.X.X netmask 255.255.255.X

When I add nat (INSIDE) 15 10.100.1.0 255.255.255.0 I start receiving the portmap translation creation failed errors.

It works fine if only one of the nat (INSIDE) statements is present though.