Natting issue

Unanswered Question
Sep 24th, 2008
Hi,


I have 1 ASA connected with an L3 3550 switch in L3 mode. In the ASA, natting for inside & global outside is configured with proper static routing.

End user is being assigned a manual IP. The problem is whenever any end machine comes up in the network, it is automatically natted with a public IP from the global IP pool configured in the ASA.

I blocked the NetBIOS ports in the switch using an ACL, but still the problem persists.

Any suggestions, please?

indsyss Wed, 09/24/2008 - 21:36

If you don't mind, post your config.



regs


S.mohana sundaram


acharyr123 Wed, 09/24/2008 - 22:00

ASA:

===========================================
interface GigabitEthernet0/0
 description @@@ Connected with Router Gig 0/0/1 @@@
 nameif outside
 security-level 0
 ip address 125.20.1.2 255.255.255.224
!
interface GigabitEthernet0/1
 description @@@ Connected with Core Switch @@@
 nameif inside
 security-level 100
 ip address 192.168.255.5 255.255.255.252
!
interface GigabitEthernet0/2
 description @@@ DMZ ZONE @@@
 nameif dmz
 security-level 50
 ip address 192.168.10.1 255.255.255.192

access-list 110 permit tcp any any eq 53
access-list 110 permit udp any any eq 53
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 25
access-list 110 permit tcp any any eq 110
access-list 110 permit icmp any any eq echo-reply

global (outside) 1 210.212.10.2-210.212.10.14 netmask 255.255.255.240
nat (inside) 1 192.168.10.0 255.255.255.0

access-group 110 in interface outside
access-group 110 in interface inside
access-group 110 in interface dmz

route outside 0.0.0.0 0.0.0.0 125.20.1.1 1
route inside 192.168.0.0 255.255.0.0 192.168.255.6
=============================================

L3 Switch:

Int vlan 2
 ip address 192.168.10.1 255.255.255.0

Int gi0/7
 no switchport
 ip address 192.168.255.6 255.255.255.252
 description ### connected with firewall ###

ip route 0.0.0.0 0.0.0.0 192.168.255.5

Marwan ALshawi Thu, 09/25/2008 - 03:53
Based on your config, any device in network 192.168.10.0/24 that wants to go to the internet will use any available IP in your pool.

What do you want to do exactly?
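
The behaviour described in the reply above, as an added example that is not part of any post in this thread: a simplified Python model of the posted `global`/`nat` pair, showing that each matching inside host takes one address from the 13-address pool and that hosts outside 192.168.10.0/24 get none. The names `parse`, `DynamicNat` and `translate` are hypothetical, and the model ignores xlate timeouts and every other ASA feature.

```python
import ipaddress
import re

# The two statements from the ASA config posted in this thread.
CONFIG = """\
global (outside) 1 210.212.10.2-210.212.10.14 netmask 255.255.255.240
nat (inside) 1 192.168.10.0 255.255.255.0
"""

def parse(config):
    """Return ({nat_id: [pool addresses]}, [(nat_id, source network)])."""
    pools, rules = {}, []
    for line in config.splitlines():
        g = re.match(r"global \((\w+)\) (\d+) ([\d.]+)-([\d.]+)", line)
        n = re.match(r"nat \((\w+)\) (\d+) ([\d.]+) ([\d.]+)", line)
        if g:
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in g.group(3, 4))
            pools[g.group(2)] = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
        elif n:
            net = ipaddress.IPv4Network(f"{n.group(3)}/{n.group(4)}")
            rules.append((n.group(2), net))
    return pools, rules

class DynamicNat:
    """Assumed simplification: one pool address per inside host, first come first served."""
    def __init__(self, config):
        self.pools, self.rules = parse(config)
        self.xlate = {}  # local address -> global address

    def translate(self, src):
        """Model a packet from src crossing from inside to outside."""
        src = ipaddress.IPv4Address(src)
        if src in self.xlate:
            return self.xlate[src]  # existing translation is reused
        for nat_id, net in self.rules:
            if src in net:
                used = set(self.xlate.values())
                free = [a for a in self.pools.get(nat_id, []) if a not in used]
                if not free:
                    return None  # pool exhausted, nothing left to assign
                self.xlate[src] = free[0]
                return free[0]
        return None  # source not covered by any nat statement

if __name__ == "__main__":
    asa = DynamicNat(CONFIG)
    for host in ["192.168.10.21", "192.168.10.22", "192.168.20.5"]:
        print(host, "->", asa.translate(host))
```
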

acharyr123 Thu, 09/25/2008 - 04:11

The problem is: whenever any machine comes up with an IP in 192.168.10.0/24, it automatically gets natted & is assigned a free public IP from the pool.

It should be natted only if I want to access the internet. But in my case, if I ping a local machine in the LAN, then also, using the "sh xlate" command, I can see that my local IP has been natted with a public IP.
