Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
1
Replies

Double PAT Problems

cisco_lite
Level 1
Level 1

‎05-24-2009 08:50 AM - edited ‎03-06-2019 05:54 AM

Hi,

Topology:

Host -> FWSM -> Cat65K (Host Source IP PAT'ed on SVI) -> ASA 2 -> ASA 1 (Source IP again PAT'ed on outside interface -> Internet

I am not able to access the internet with the above. Only built connection logs can be seen on all the firewalls and after some wait a TCP Reset-O is seen on them. I ran a sniffer on the host and noticed that the initial SYN, SYN/ACK, ACK goes thru but then the host goes into a loop of TCP Retransmission/Dup ACK and the destination never responds.

Can dual PAT'ing on the way out to the internet can cause such problems. For some reason, the destination does not recognize any exchange after the initial TCP handshake.

Please assist.

Thanks.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎05-24-2009 12:15 PM

There is no reason in theory why dual patting should not work. In fact from memory i believe i have done this before without issue.

What does the translation table look like on both the 6500 and the ASA ?

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card