PAT with different default gateway

Feb 11th, 2010

Hi, I have a Windows XP client with IP 192.168.1.10/24 and, as default gateway, a router 192.168.1.1.

I have assigned a second IP address on the XP: 192.168.2.10/24.

And I have installed an ASA:

interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address xxx.xxx.xxx.1 255.255.255.0
!
interface Ethernet0/1
 nameif Inside
 security-level 50
 ip address 192.168.2.1 255.255.255.0

I am trying to do static port forwarding:

access-list Outside_to_Inside extended permit ip any any

nat-control
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) tcp xxx.xxx.xxx.10 www 192.168.2.10 www netmask 255.255.255.255

access-group Outside_to_Inside in interface Outside


Should the translation work without changing the default gateway of the XP to the ASA (192.168.2.1)?

In my case the translation does not work so far:

sh nat
  match tcp Inside host 192.168.2.10 eq 80 Outside any
    static translation to xxx.xxx.xxx.xxx/80
    translate_hits = 0, untranslate_hits = 2


Any help would be much appreciated.

Matthew Warrick Thu, 02/11/2010 - 07:17

Based on what you wrote, the Windows XP host probably has a default route for all 0.0.0.0 networks via its 192.168.10.1 gateway.

You can inspect this by doing a:

netstat -nr from a command prompt.

In order for the responses to egress the proper interface on the XP client you will need the 0.0.0.0 route to point to the 192.168.20.1 gateway.

You can delete and re-add the 10 network interface on the client so the 20 network becomes the default, or manually delete the default route and add a persistent static route via the 20 interface. Remember to use the -p switch on the route command if you want it to remain persistent across reboots.
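
Added example, not part of the original thread: a small model of the host's route selection (longest prefix, then lowest metric) showing which gateway receives the reply to an outside client. It uses the addresses from the question (192.168.1.1 for the router, 192.168.2.1 for the ASA); the route tables are simplified assumptions and 203.0.113.50 is a constructed outside client.

```python
import ipaddress

ASA = "192.168.2.1"      # ASA Inside interface, from the question
ROUTER = "192.168.1.1"   # original default gateway, from the question
ON_LINK = "on-link"      # directly connected subnet, no gateway needed


def route(net, gw, metric=10):
    """Build one route-table entry."""
    return {"net": ipaddress.ip_network(net), "gw": gw, "metric": metric}


def next_hop(routes, dst):
    """Select a route: longest matching prefix wins, lowest metric breaks ties."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gw"]


# Simplified tables for the dual-homed XP host (assumed, not captured output).
CONNECTED = [route("192.168.1.0/24", ON_LINK), route("192.168.2.0/24", ON_LINK)]
BEFORE = [route("0.0.0.0/0", ROUTER)] + CONNECTED
# A second default route with a worse metric does not change the outcome.
BOTH = BEFORE + [route("0.0.0.0/0", ASA, metric=20)]
# Default route replaced so that it points at the ASA.
AFTER = [route("0.0.0.0/0", ASA)] + CONNECTED


def reply_gateway(routes, client="203.0.113.50"):
    """Gateway the host uses for its reply to an outside client."""
    return next_hop(routes, client)


def returns_through_asa(routes):
    """True if replies go back via the ASA, where the static NAT is applied."""
    return reply_gateway(routes) == ASA


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("both", BOTH), ("after", AFTER)):
        print(f"{name:6} reply via {reply_gateway(table):12} "
              f"through ASA: {returns_through_asa(table)}")
```

In the "before" and "both" cases the reply leaves through 192.168.1.1 and never passes back through the ASA, which matches the counters in the question: untranslate_hits rises while translate_hits stays at 0.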
