NAT and 7.1(2)

Oct 20th, 2008

I am trying to make translation from inside to outside on an ASA 5520 box with 7.1(2) context-based software.

Trust me, the findings are really weird.

Translation happens because the connectivity gets through and the other end as well is able to view the translated IP address for all three types of configurations:


Dynamic and

policy based using acl

The issue is in the show local command output; the inside and outside IP addresses are not displayed. It works when nat (inside) id <host> is configured, but does not happen for static NAT and policy-based NAT.

Global (outside) 10 netmask

Nat (inside) 10

Show local


PAT Global Local


TCP out in idle 0:00:22 bytes 8827 flags UIO


Static (inside,outside) netmask

Show local


TCP out in idle 0:00:22 bytes 8827 flags UIO


Nat (inside) 10 access-list test

Access-list test permit ip host host

Show local


TCP out in idle 0:00:22 bytes 8827 flags UIO

Can anyone let me know why I am not able to view the translation happening for static NAT or policy-based NAT? In the future this would get very difficult to troubleshoot when identifying where the problem is, so please suggest.

JORGE RODRIGUEZ Mon, 10/20/2008 - 06:46

Did you clear the xlate table?

Actually, try clearing that particular local host.


asa#clear local-host

Then initiate outbound traffic from that host and do "show local-host" again to see its actual static NAT translation.

See if that makes any difference.



rush2amol Mon, 10/20/2008 - 08:40

Yes, I have cleared the translation table but still cannot view the output of the show local command.

singhsaju Mon, 10/20/2008 - 06:47

You are using the same global IP address for static NAT, policy NAT and dynamic NAT.

Try using different global IP addresses for each of the translations. Then it will show the output.



Pls rate helpful posts

rush2amol Mon, 10/20/2008 - 08:43

No, I do not use the same global IP address simultaneously. It's like first I only make a static NAT, then remove the static NAT and configure policy-based NAT.

But when I configure PAT like nat (inside), I am able to see the output in the show local command.

