FWSM nat problem

Unanswered Question
Nov 6th, 2008

Hi,


I've got a problem with users behind a multi-context/transparent FWSM. The FW is doing PAT in the NAT pool. Has anyone ever experienced this issue?



firewall transparent

global (outside) 1 X.Y.177.50-X.Y.177.253 netmask 255.255.255.0
global (outside) 1 X.Y.177.254
nat (inside) 1 10.10.240.0 255.255.252.0 dns norandomseq

sh xlate
17 in use, 37 most used
Global X.Y.177.51 Local 10.10.240.36
Global X.Y.177.54 Local 10.10.240.59
Global X.Y.177.58 Local 10.10.240.5
Global X.Y.177.60 Local 10.10.240.200
Global X.Y.177.61 Local 10.10.240.32
Global X.Y.177.63 Local 10.10.240.31
Global X.Y.177.65 Local 10.10.240.104
Global X.Y.177.52 Local 10.10.240.37
Global X.Y.177.86 Local 10.10.241.135
Global X.Y.177.51 Local 10.10.243.10
Global X.Y.177.51 Local 10.10.240.49
Global X.Y.177.52 Local 10.10.241.103
Global X.Y.177.50 Local 10.10.241.249
Global X.Y.177.52 Local 10.10.240.33
Global X.Y.177.52 Local 10.10.241.246
Global X.Y.177.52 Local 10.10.241.252
Global X.Y.177.52 Local 10.10.241.245
Global X.Y.177.52 Local 10.10.241.251
Global X.Y.177.52 Local 10.10.241.102
Global X.Y.177.52 Local 10.10.243.12
Global X.Y.177.52 Local 10.10.241.250
Global X.Y.177.52 Local 10.10.241.254
Global X.Y.177.52 Local 10.10.240.70
Global X.Y.177.53 Local 10.10.243.252
Global X.Y.177.54 Local 10.10.241.42
Global X.Y.177.50 Local 10.10.240.10
Global X.Y.177.56 Local 10.10.240.11
Global X.Y.177.57 Local 10.10.240.7
Global X.Y.177.68 Local 10.10.240.2
Global X.Y.177.70 Local 10.10.240.6
Global X.Y.177.71 Local 10.10.240.18
Global X.Y.177.74 Local 10.10.240.102
Global X.Y.177.59 Local 10.10.240.103
Global X.Y.177.69 Local 10.10.241.107




dhananjoy chowdhury Fri, 11/07/2008 - 02:13

global (outside) 1 X.Y.177.50-X.Y.177.253 netmask 255.255.255.0

global (outside) 1 X.Y.177.254


It seems OK, because the first global statement has a public IP range, so till the range is exhausted it will do one-to-one NAT, and after that the 2nd global statement comes into action doing PAT.
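A quick way to check `sh xlate` output against the two global statements discussed above is to group the entries by global address and see which shared addresses are the PAT address and which lie inside the range. This is an added example, not part of the thread; it assumes the `Global A Local B` line format shown in the question and a pool range inside a single /24, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Lines 1-5 are copied from the question; the two .254 lines are constructed.
SAMPLE = """\
Global X.Y.177.51 Local 10.10.240.36
Global X.Y.177.54 Local 10.10.240.59
Global X.Y.177.51 Local 10.10.243.10
Global X.Y.177.52 Local 10.10.240.37
Global X.Y.177.52 Local 10.10.241.103
Global X.Y.177.254 Local 10.10.240.77
Global X.Y.177.254 Local 10.10.240.78
"""

XLATE_RE = re.compile(r"^Global\s+(\S+)\s+Local\s+(\S+)$")

def parse_xlate(text):
    """Return {global_ip: set(local_ips)} from 'Global A Local B' lines."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:
            table[m.group(1)].add(m.group(2))
    return dict(table)

def split_ip(ip):
    """Split 'X.Y.177.52' into ('X.Y.177', 52); masked octets stay as text."""
    prefix, last = ip.rsplit(".", 1)
    return prefix, int(last)

def classify(table, pool_first, pool_last, pat_ip):
    """Sort globals used by more than one inside host into three buckets."""
    prefix, lo = split_ip(pool_first)
    hi = split_ip(pool_last)[1]
    report = {"pat_expected": {}, "pool_shared": {}, "other_shared": {}}
    for g, locs in table.items():
        if len(locs) < 2:
            continue  # one inside host per global: one-to-one mapping
        g_prefix, g_last = split_ip(g)
        if g == pat_ip:
            kind = "pat_expected"
        elif g_prefix == prefix and lo <= g_last <= hi:
            kind = "pool_shared"  # address inside the range, yet shared
        else:
            kind = "other_shared"
        report[kind][g] = sorted(locs)
    return report

if __name__ == "__main__":
    print(classify(parse_xlate(SAMPLE), "X.Y.177.50", "X.Y.177.253", "X.Y.177.254"))
```

Entries reported under `pool_shared` are the ones the question is about: addresses from the range that carry more than one inside host.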
