10-06-2008 04:05 AM - edited 03-11-2019 06:53 AM
Hi all,
I have the following configuration:
!
!
interface GigabitEthernet0/3.11
vlan 2
nameif CLIENT
security-level 0
ip address 172.18.0.1 255.255.255.0
!
!
access-list LAN_pnat_outbound_V15 extended permit ip any host 192.168.0.10
!
!
global (LAN-NETSERVICES) 2 interface
!
!
nat (LAN) 11 access-list LAN_pnat_outbound_V15
When I try to access the ip 192.168.0.10, the ASA shows me the message: "portmap translation creation failed for tcp src LAN:10.10.10.50/3684 CLIENT: 192.168.0.10/80"
I think its all configured properly, and I dont know whats is happening.
I dont know what to do anymore...
Please help me
Thanks
Tauer
10-06-2008 06:11 AM
The error tells me that 192.168.0.10 lie on " CLIENT " interface.
Put a global for client interface.
global (CLIENT) interface.
Should work.
Do rate helpful posts.
Regards,
Sushil
10-06-2008 06:54 AM
Don't forget the '11'.
global (CLIENT) 11 interface
10-06-2008 06:55 AM
interface GigabitEthernet0/3.11
vlan 2
nameif CLIENT
security-level 0
ip address 172.18.0.1 255.255.255.0
!
!
access-list LAN_pnat_outbound_V15 extended permit ip any host 192.168.0.10
!
!
global (CLIENT) 11 interface
!
!
nat (LAN) 11 access-list LAN_pnat_outbound_V15
and its NOT working...
please help
10-06-2008 06:57 AM
I can NAT on others interfaces, with anothers pools....
I think i got to clear somethings, or restart any services, because, everything is right....
i did a lot of things and nothing solve this...
Thanks
10-06-2008 08:00 AM
Issue :
cl xlate
cl local
Regards,
Sushil
10-06-2008 08:07 AM
Hi,
I put the command cl xlate, but its still not working.
I'm afraid to issue the command "cl local". What will this command do? Will it to erase some configuration?
Thanks
Tauer
10-06-2008 12:45 PM
Hi...
I would some clarify, if its possible.
I have the configuration:
interface GigabitEthernet0/3.12
vlan 3
nameif PARTNER
security-level 0
ip address 172.16.0.1 255.255.255.0
!
access-list LAN_pnat_outbound_V13 extended permit ip 172.18.0.0 255.255.255.0 any
!
global (PARTNER) 3 interface
!
nat (LAN) 3 access-list LAN_pnat_outbound_V13
With this configuration, I NAT all IP within network 172.18.0.0 255.255.255.0, to any address on interface PARTNER. This is working fine
########################################
but...
I have the configuration:
interface GigabitEthernet0/3.11
vlan 2
nameif CLIENT
security-level 0
ip address 172.20.0.1 255.255.255.0
!
access-list LAN_pnat_outbound_V15 extended permit ip 172.18.0.0 255.255.255.0 any
!
global (CLIENT) 11 interface
!
nat (LAN) 11 access-list LAN_pnat_outbound_V15
This suppose to NAT all address on network 172.20.0.0 255.255.255.0 to any address on interface CLIENT.
This is not working.
###########################################
The questio is:
When I "show runn" the ASA shows me:
nat (LAN) 3 access-list LAN_pnat_outbound_V13
nat (LAN) 11 access-list LAN_pnat_outbound_V15
So...I tried to change the order and put:
nat (LAN) 11 access-list LAN_pnat_outbound_V15
nat (LAN) 3 access-list LAN_pnat_outbound_V13
AND it WORKED...i just do that.
I just change the order
Now please, tell me: WHY? WHY?
Why when I chenge the order the NAT works properly?
Thanks
Tauer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide