Cisco Support Community
ASA 9.1 NAT Issue

Hi guys,

Strange NAT issue on my ASA 5512 (9.1). I have a site-to-site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule; NAT'd traffic is for any traffic not exempt. Testing to the remote-network was only partially successful, as I was only able to verify connectivity to the mail server; drive mappings constantly failed even though they reside on the same subnet. NAT also failed completely during testing, although I think that is due to the user receiving an APIPA after an accidental reboot and being unable to reach the DHCP server (remote-network).

Network objects:

Inside-Network: 172.19.0.0/24

Remote-Network: 10.202.38.0/24

Vmware: 192.168.1.0/24

Intranet: 192.168.2.0/24

NAT Config:

nat (inside,outside) source static Inside-Network Inside-Network destination static Remote-Network Remote-Network

nat (inside,outside) source static Inside-Network Inside-Network destination static Vmware Vmware

nat (inside,outside) source static Inside-Network Inside-Network destination static Intranet Intranet

nat (any,outside) after-auto source dynamic any interface

I appreciate my NAT commands may be incorrect as I'm only just starting to familiarise myself with 9.1.

Any suggestions are most welcome.

1 REPLY

Hello,

Your NAT rules look good.

How did you test the NAT?

You can use packet tracer to confirm it is configured correctly:

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port

Example:

packet-tracer input inside tcp 172.19.0.5 1025 192.168.1.5 80

Regards,

Felipe.


Remember to rate useful posts.
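
An added example, not part of either post: a small Python model of the ASA's first-match NAT ordering (section 1 manual rules before after-auto rules) applied to the objects and rules posted above. It predicts which rule a flow should hit and builds the matching packet-tracer line to confirm it on the device. It assumes egress via the outside interface and ignores interface matching and routing; the destination hosts and the 169.254.x.x source are constructed samples.

```python
import ipaddress

# Network objects as posted in the thread ("any" added for the dynamic rule).
OBJECTS = {
    "Inside-Network": "172.19.0.0/24",
    "Remote-Network": "10.202.38.0/24",
    "Vmware": "192.168.1.0/24",
    "Intranet": "192.168.2.0/24",
    "any": "0.0.0.0/0",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in OBJECTS.items()}

# (section, source object, destination object, action), in configuration order.
# Section 1 = manual NAT, section 3 = "after-auto" manual NAT. The thread shows
# no section 2 (object/auto NAT) rules.
RULES = [
    (1, "Inside-Network", "Remote-Network", "identity"),
    (1, "Inside-Network", "Vmware", "identity"),
    (1, "Inside-Network", "Intranet", "identity"),
    (3, "any", "any", "dynamic-pat-interface"),
]

def match_nat(src, dst):
    """Return (rule_number, action) for the first rule matching the flow, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Stable sort: lower section first, configuration order within a section.
    ordered = sorted(enumerate(RULES, 1), key=lambda item: item[1][0])
    for number, (_section, src_obj, dst_obj, action) in ordered:
        if s in NETS[src_obj] and d in NETS[dst_obj]:
            return number, action
    return None

def packet_tracer_cmd(src, dst, dport, sport=1025, ifc="inside", proto="tcp"):
    """Build the packet-tracer line that checks the prediction on the ASA."""
    return f"packet-tracer input {ifc} {proto} {src} {sport} {dst} {dport}"

if __name__ == "__main__":
    # Constructed sample flows; 172.19.0.5 is the host used in the reply.
    flows = [
        ("172.19.0.5", "10.202.38.10", 445),   # drive mapping (SMB) to remote site
        ("172.19.0.5", "192.168.1.5", 80),     # the reply's example
        ("172.19.0.5", "203.0.113.10", 443),   # non-exempt destination
        ("169.254.10.20", "10.202.38.10", 445),  # APIPA source: not in Inside-Network
    ]
    for src, dst, port in flows:
        print(match_nat(src, dst), "|", packet_tracer_cmd(src, dst, port))
```

If the NAT phase of the real packet-tracer output names a different rule than the model predicts, compare the rule order with `show nat`.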