Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
0
Helpful
2
Replies

asa 5505 as router

be04376
Level 1
Level 1

‎02-29-2008 09:19 AM - edited ‎02-21-2020 01:55 AM

Hi,

i have an asa 5505 setup as a default router for my network inside address 192.168.32.254. I want to route traffic for 192.168.251.0 to a diffrent inside host 192.168.32.205

I included traffice from 192.168.32.0 to 192.168.251.0 in my nat exempt list

I have setup a route route inside 192.168.251.0 255.255.255.0 192.168.32.205

i get no translation group error for traffic from 192.168.32.x to 192.168.251.x

a packet trace gives me

packet-tracer input inside icmp 192.168.32.207 0 0 192.168.251.6

Phase: 1

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 2

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 192.168.251.0 255.255.255.0 inside

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 192.168.32.0 255.255.255.0 inside

Phase: 4

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

Phase: 5

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

Additional Information:

Phase: 7

Type: NAT-EXEMPT

Subtype:

Result: ALLOW

Config:

nat (inside) 0 access-list acl_no-nat

match ip inside 192.168.32.0 255.255.255.0 inside 192.168.251.0 255.255.255.0

NAT exempt

translate_hits = 1, untranslate_hits = 0

Additional Information:

Phase: 8

Type: NAT

Subtype:

Result: ALLOW

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Phase: 9

Type: NAT

Subtype: host-limits

Result: ALLOW

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Phase: 10

Type: NAT

Subtype: rpf-check

Result: DROP

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Can sombody help me out with this ?

0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎02-29-2008 12:14 PM

is the following command configured:

same-security-traffic permit intra-interface

0 Helpful

be04376
Level 1
Level 1
In response to srue

‎03-03-2008 12:13 AM

yes same-security-traffic permit intra-interface is enabled

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card