NAT and 7.1(2)

Unanswered Question
Oct 20th, 2008

I am trying to make translation from inside to outside on an ASA 5520 box with 7.1(2) context-based software.

Trust me, the findings are really weird.

Translation happens, because the connectivity gets through and the other end is also able to view the translated IP address for all three types of configuration:

Static

Dynamic and

policy based using ACL

The issue is in the show local command output; the inside and outside IP addresses are not displayed. It works when nat (inside) id <host> is configured, but does not happen for static NAT and policy-based NAT.


global (outside) 10 1.1.1.1 netmask 255.255.255.255

nat (inside) 10 10.10.10.10 255.255.255.255

show local 10.10.10.10


Xlate:

PAT Global 1.1.1.1(1024) Local 10.10.10.10(3955)


Conn:

TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO


-----------------


static (inside,outside) 1.1.1.1 10.10.10.10 netmask 255.255.255.255

show local 10.10.10.10



Conn:

TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO


------------------


nat (inside) 10 access-list test

access-list test permit ip host 10.10.10.10 host 11.11.11.11

show local 10.10.10.10



Conn:

TCP out 11.11.11.11:443 in 10.10.10.10:3956 idle 0:00:22 bytes 8827 flags UIO



Can anyone let me know why I am not able to view the translation happening for static NAT or policy-based NAT? In the future this would make it very difficult to troubleshoot and identify where the problem is, so please suggest.

JORGE RODRIGUEZ Mon, 10/20/2008 - 06:46

Did you clear the xlate table?

Actually, try clearing that particular local host.

i.e.

asa#clear local-host


Then initiate outbound traffic from that host and do "show local-host" again to see its actual static NAT translation.

See if that makes any difference.



Rgds

Jorge


rush2amol Mon, 10/20/2008 - 08:40

Yes, I have cleared the translation table but still cannot view the output of the show local command.

singhsaju Mon, 10/20/2008 - 06:47

You are using the same global IP address 1.1.1.1 for static NAT, policy NAT and dynamic NAT.

Try using different global IP addresses for each of the translations. Then it will show the output.


HTH

Saju

Pls rate helpful posts

rush2amol Mon, 10/20/2008 - 08:43

No, I do not use the same global IP address simultaneously. It's like this: first I only make a static NAT, then remove the static NAT and configure policy-based NAT.

But when I configure PAT like nat (inside), I am able to see the output in the show local command.
