Natting issue

Unanswered Question
Sep 24th, 2008

I have 1 ASA connected with an L3 3550 switch in L3 mode. In the ASA, natting for inside and global outside is configured with proper static routing.

The end user is being assigned a manual IP. The problem is that whenever any end machine comes up in the network, it is automatically natted with a public IP from the global IP pool configured in the ASA.

I blocked the NetBIOS ports in the switch using an ACL, but the problem still persists.

Any suggestions, please?

indsyss Wed, 09/24/2008 - 21:36

If you don't mind, post your config.


S.mohana sundaram

acharyr123 Wed, 09/24/2008 - 22:00

interface GigabitEthernet0/0
 description @@@ Connected with Router Gig 0/0/1 @@@
 nameif outside
 security-level 0
 ip address

interface GigabitEthernet0/1
 description @@@ Connected with Core Switch @@@
 nameif inside
 security-level 100
 ip address

interface GigabitEthernet0/2
 description @@@ DMZ ZONE @@@
 nameif dmz
 security-level 50
 ip address

access-list 110 permit tcp any any eq 53
access-list 110 permit udp any any eq 53
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 25
access-list 110 permit tcp any any eq 110
access-list 110 permit icmp any any eq echo-reply

global (outside) 1 netmask
nat (inside) 1

access-group 110 in interface outside
access-group 110 in interface inside
access-group 110 in interface dmz

route outside 1
route inside

L3 Switch:

Int vlan 2
 ip address

Int gi0/7
 no switchport
 ip address
 description ### connected with firewall ###

ip route

Marwan ALshawi Thu, 09/25/2008 - 03:53

Based on your config, any device in the network that wants to go to the internet will use any available IP in your pool.

What do you want to do exactly?

acharyr123 Thu, 09/25/2008 - 04:11

The problem is: whenever any machine comes up with an IP, it automatically gets natted and is assigned a free public IP from the pool.

It should be natted only if I want to access the internet. But in my case, if I ping a local machine in the LAN, then also, using the "sh xlate" command, I can see that my local IP has been natted with a public IP.

