cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
0
Helpful
2
Replies

ASA NAT Issue

ddevore01
Level 1
Level 1

Hi all,

I have an ASA with a WAN interface, inside interface, and an interface attached to a private T-1. I have multiple end points that must communicate from the inside interface to the T-1 via static 1-to-1 NATs but still be able to connect out the WAN interface with PAT. The WAN PAT works fine, but the 1-to-1 NATs aren't working.

I have configured 1-to-1 NATs from the inside to t-1 interfaces (and vice versa) and allowed ip and icmp traffic through ACLs, but no traffic is flowing. I also added routes to the remote networks out the t-1 interface. I feel as if I am close but missing a step here. I don't know if it matters, but the NAT outside addresses do not exist in any network segment on my end and are different than the interface address; the router on the other end just has a static route to forward the outside network addresses to my t-1 interface.

Any help is appreciated!

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Need to see your configuration really.

If the ASA is running 8.3 or higher it could be the order of your NAT statements for example.

Can you post you configuration together with a source and destination IP address you are trying to ping between.

Jon

Hi,

I think the statement "  I don't know if it matters, but the NAT outside addresses do not exist in any network segment on my end and are different than the interface address"  is key  to the problem, as Jon said the config will help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: