cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Highlighted
Community Member

ASA 9.8(1) issue with NAT Rules

object network GUEST-INTERNET

subnet 10.205.64.0 255.255.252.0

 

object network GUEST-INTERNET

nat (extranet,outside) dynamic xxx.xx.199.135

Auto NAT Policies (Section 2)

 

2 (extranet) to (outside) source dynamic GUEST-INTERNET xxx.xx.199.135

    translate_hits = 3536082, untranslate_hits = 32663

    Source - Origin: 10.205.64.0/22, Translated: xxx.xx.199.135/32

3 (extranet) to (inside) source dynamic VPN_USER_POOL interface

    translate_hits = 3369448, untranslate_hits = 283060

    Source - Origin: 10.254.32.0/22, Translated: 10.254.28.113/28

4 (extranet) to (outside) source dynamic EXTRANET_ANY interface

    translate_hits = 33130812, untranslate_hits = 62286

    Source - Origin: 0.0.0.0/0, Translated: xxx.xx.199.140/28

 

But users are still reporting to be using the xxx.xx.199.140 address when validating via whatismyip ? 

 

There must be a way to Exclude and Include ? 

      

 

2 REPLIES
VIP Purple

Re: ASA 9.8(1) issue with NAT Rules

Hi

 

Users complaining are in which subnet?

 

Can you share please the output of the following command:

 

packet-tracer in extranet tcp 10.205.64.10 8 0 8.8.8.8

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Community Member

Re: ASA 9.8(1) issue with NAT Rules

The users on the 10.205.64.0/24 subnet. 

 

We migrated to another firewall and it worked after we did. 

So something was stuck on the firewall from making it work and I didn't have a compelling reason at the time to pull out all the nats and put them all back in. 

 

I did do a clear xlate several times while testing.  

Packets were getting to the firewall just not out to the outside world. 

Thanks 

225
Views
0
Helpful
2
Replies