NAT and 7.1(2)

Unanswered Question
Oct 20th, 2008

I am trying to make translation from inside to outside on an ASA 5520 box with 7.1(2) context-based software.

Trust me, the findings are really weird.

Translation happens, because the connectivity gets through and the other end is also able to view the translated IP address for all three types of configuration:

Static

Dynamic and

Policy-based using ACL

The issue is in the show local command output: the inside and outside IP addresses are not displayed. It works when nat (inside) id <host> is configured, but does not happen for static NAT and policy-based NAT.

global (outside) 10 1.1.1.1 netmask 255.255.255.255
nat (inside) 10 10.10.10.10 255.255.255.255

show local 10.10.10.10

Xlate:
PAT Global 1.1.1.1(1024) Local 10.10.10.10(3955)
Conn:
TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO

-----------------

static (inside,outside) 1.1.1.1 10.10.10.10 netmask 255.255.255.255

show local 10.10.10.10

Conn:
TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO

------------------

nat (inside) 10 access-list test
access-list test permit ip host 10.10.10.10 host 11.11.11.11

show local 10.10.10.10

Conn:
TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO

Can anyone let me know why I am not able to view the translation happening for static NAT or policy-based NAT? In the future this would make it very difficult to troubleshoot and identify where the problem is, so please suggest.

JORGE RODRIGUEZ Mon, 10/20/2008 - 06:46

Did you clear the xlate table?

Actually, try clearing that particular local host.

i.e.

asa# clear local-host

Then initiate outbound traffic from that host and do "show local-host" again to see its actual static NAT translation.

See if that makes any difference.

Rgds

Jorge

rush2amol Mon, 10/20/2008 - 08:40

Yes, I have cleared the translation table, but I still cannot view the output of the show local command.

singhsaju Mon, 10/20/2008 - 06:47

You are using the same global IP address 1.1.1.1 for static NAT, policy NAT and dynamic NAT.

Try using different global IP addresses for each of the translations. Then it will show the output.

HTH

Saju

Pls rate helpful posts

rush2amol Mon, 10/20/2008 - 08:43

No, I do not use the same global IP address simultaneously. It's like this: first I only make a static NAT, then remove the static NAT and configure policy-based NAT.

But when I configure PAT like nat (inside), I am able to see the output in the show local command.
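An added example, not part of any post in this thread: a Python sketch that parses "show local" output in the shape pasted in the question and reports which captures list connections without any Xlate entry, so the three NAT configurations can be compared mechanically. The sample text is constructed from the outputs quoted in the question, and the function names are hypothetical.

```python
import re

# Constructed sample: the outputs quoted in the question, keyed by the NAT
# type that was configured when each one was captured.
CONN = "TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO\n"
SAMPLES = {
    "dynamic PAT": "Xlate:\nPAT Global 1.1.1.1(1024) Local 10.10.10.10(3955)\nConn:\n" + CONN,
    "static NAT": "Conn:\n" + CONN,
    "policy NAT": "Conn:\n" + CONN,
}

SECTION = re.compile(r"^(Xlate|Conn):\s*$")
XLATE = re.compile(
    r"^(?:PAT )?Global ([\d.]+)(?:\((\d+)\))? Local ([\d.]+)(?:\((\d+)\))?$")

def parse_local_host(text):
    """Split one capture into its Xlate and Conn entry lines."""
    sections = {"Xlate": [], "Conn": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        elif current:
            sections[current].append(line)
    return sections

def parse_xlate(line):
    """Return (global_ip, global_port, local_ip, local_port); ports may be None."""
    m = XLATE.match(line)
    return m.groups() if m else None

def missing_xlate(samples):
    """Labels of captures that show connections but no Xlate entry."""
    flagged = []
    for label, text in samples.items():
        parsed = parse_local_host(text)
        if parsed["Conn"] and not parsed["Xlate"]:
            flagged.append(label)
    return flagged

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        xl = [parse_xlate(x) for x in parse_local_host(text)["Xlate"]]
        print(f"{label}: xlate={xl}")
    print("connections without xlate entry:", missing_xlate(SAMPLES))
```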
