02-28-2014 06:47 AM - edited 03-11-2019 08:51 PM
Hello all,
I am having difficulty troubleshooting a problem with a firewall rule. I have set up a static NAT rule to a single host (10.0.0.2) in my network to allow RDP. When I run packet tracer the rule works; however, when I physically try to connect from outside, the rule resolves to another host (10.0.0.3).
03-02-2014 09:08 AM
Hi,
Share the NAT configurations and the "packet-tracer" output.
You could also confirm that there are NO translations from the WRONG IP address to the public IP address you are connecting to with
show xlate local 10.0.0.3
I would also confirm that you are not having some sort of DNS issue even though you are in the external network.
Make sure that you are connecting to the correct public IP address, as I don't see why the ASA would forward a connection to a different internal host than its "packet-tracer" test shows.
Though I would rule out an issue with "nat" configurations or the aforementioned DNS issue.
- Jouni
03-03-2014 09:50 AM
I had similar behavior, but now I have found the cause of the misleading NAT.
I do not use IP addresses on my ASA at this time, I just use names, and in some way I had duplicated the name with different IP addresses, so when I try to NAT to "A host" I make the NAT to "a host", and this makes the NAT go to another IP address, when it seems to be the same.
Check what I told you; maybe it is the same behavior and you are just confused ...
Have a great day.
Best regards, and rate if you find this post useful.
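
The duplicated-name problem described in the last reply can be checked offline against a saved configuration. The following is an added example, not part of any post in this thread: it assumes the config defines hosts with `name <ip> <name>` lines or `object network <name>` blocks containing a `host <ip>` line, treats names that differ only by letter case as look-alikes, and runs on a constructed sample config that reuses the thread's 10.0.0.2 and 10.0.0.3 addresses.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread).
SAMPLE_CONFIG = """\
name 10.0.0.9 printer
object network RDP-Host
 host 10.0.0.2
object network rdp-host
 host 10.0.0.3
object network WebServer
 host 10.0.0.5
"""

NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)")
OBJECT_RE = re.compile(r"^object network\s+(\S+)")
HOST_RE = re.compile(r"^\s+host\s+(\S+)")

def parse_names(config):
    """Return (name, ip) pairs from 'name' lines and 'object network' host objects."""
    pairs, current = [], None
    for line in config.splitlines():
        if m := NAME_RE.match(line):
            pairs.append((m.group(2), m.group(1)))
            current = None
        elif m := OBJECT_RE.match(line):
            current = m.group(1)          # remember which object the next 'host' belongs to
        elif (m := HOST_RE.match(line)) and current:
            pairs.append((current, m.group(1)))
        elif not line.startswith(" "):
            current = None                # any other top-level line ends the object block
    return pairs

def find_lookalikes(config):
    """Group names case-insensitively; return groups that map to more than one IP."""
    groups = defaultdict(set)
    for name, ip in parse_names(config):
        groups[name.casefold()].add((name, ip))
    return {k: sorted(v) for k, v in groups.items()
            if len({ip for _, ip in v}) > 1}

if __name__ == "__main__":
    for key, entries in find_lookalikes(SAMPLE_CONFIG).items():
        print(f"look-alike names for '{key}':", entries)
```

Any group it reports is a name a NAT rule could reference by mistake, so compare the exact spelling used in the `nat` statement against each entry.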