We currently have ASAs running 8.2(11) and I'm finding when we try and NAT (outside to inside) the ASA does a route lookup and even though it's supposed to NAT, it then tries to route the connection back out the outside interface...
Although it's configured to NAT 10.2.2.2 to 10.3.3.3, it first does a route lookup and drops the packet as it sees the destination as the outside interface:
Many thanks. 10.2.2.2 does route to the outside, and 10.3.3.3 to the inside.
10.1.2.3 is outside, 10.2.2.2 is outside and 10.3.3.3 inside.
I did try and put a static route for 10.2.2.2 inside, but then the ASA doesn't even try and NAT. If a static NAT is configured, I would have thought the ASA will automatically take care of the routing following the NAT.
The above rule indicates that outside host 10.2.2.2 is seen inside as 10.3.3.3, i.e. from the inside you can access this host with IP 10.3.3.3 and from the outside with IP 10.2.2.2.
In other words, if you send packets to 10.3.3.3, the ASA should send them to the inside, but if you send them to 10.2.2.2, the ASA will send them to the outside (not only because of the NAT rule, but because of the routing table).
Please let me know what it is that you're trying to do exactly.
Many thanks - I so hope I've not put the static statement the wrong way around. I'll check as soon as I can get back on the box and will get back to you.
What am I trying to achieve: I want to host a virtual range (10.2.2.0/24) on the ASA and use one-to-one NAT to translate 10.2.2.x to 10.3.3.x, where the 10.3.3.0/24 network is situated inside the network.
Again, many thanks for the pointer and I hope it's as simple as that.
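
The two orientations of the pre-8.3 `static` statement discussed in this thread, shown side by side as an added example that is not part of any post. The thread's actual configuration does not appear on the page, so these lines are constructed from the addresses mentioned; the ACL name `OUTSIDE_IN` and the port numbers in the packet-tracer comment are assumptions.

```cisco
! Constructed example for ASA 8.2 (pre-8.3 NAT syntax):
!   static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
!
! Orientation described in the reply: the real host 10.2.2.2 is on the
! outside and is presented to the inside as 10.3.3.3. A packet arriving on
! the outside for 10.2.2.2 matches no translation, so the route lookup
! sends it back toward the outside and it is dropped.
static (outside,inside) 10.3.3.3 10.2.2.2 netmask 255.255.255.255
!
! Orientation matching the stated goal: the real network 10.3.3.0/24 is on
! the inside and is presented to the outside as 10.2.2.0/24, one-to-one.
! No inside route for 10.2.2.0/24 is needed; the translation selects the
! egress interface for the untranslated destination.
no static (outside,inside) 10.3.3.3 10.2.2.2 netmask 255.255.255.255
static (inside,outside) 10.2.2.0 10.3.3.0 netmask 255.255.255.0
!
! On 8.2 the outside ACL matches the mapped (pre-translation) address.
! Permit only the sources and services that are required.
access-list OUTSIDE_IN extended permit tcp host 10.1.2.3 10.2.2.0 255.255.255.0 eq 443
access-group OUTSIDE_IN in interface outside
!
! Check from exec mode; the UN-NAT phase should show 10.2.2.2 -> 10.3.3.3
! and the output interface should be inside:
!   packet-tracer input outside tcp 10.1.2.3 1025 10.2.2.2 443
```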