Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
729
Views
0
Helpful
4
Replies

Cisco asa5540 8.2 no PAT

Go to solution
Christos Papageorgopoulos
Level 1
Level 1

‎09-04-2012 08:47 AM - edited ‎03-11-2019 04:49 PM

Dear all,

I'm newbie with the asa family.

I have a cisco ASA 5540 and i cant make a simple PAT (many private IP to one public IP). Below you can find my conf.

interface GigabitEthernet0/0.310

vlan 310

nameif dmz-vl310

security-level 50

ip address 192.168.250.1 255.255.255.224

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address x.x.x.157 255.255.255.224

nat (dmz-vl310) 1 192.168.250.0 255.255.255.224

global (outside) 1 x.x.x.131

and the results by typing the command below are:

packet-tracer input dmz-vl310 icmp 192.168.250.5 0 8 173.194.34.17

Phase: 6

Type: NAT

Subtype:

Result: DROP

Config:

nat (dmz-vl310) 1 192.168.250.0 255.255.255.224

  match ip dmz-vl310 192.168.250.0 255.255.255.224 outside any

    dynamic translation to pool 1 (x.x.x.131)

    translate_hits = 1, untranslate_hits = 0

Additional Information:

Result:

input-interface: dmz-vl310

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

but on my firewall rule all is open. Can someone to help me, what kind of error i make?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Christos Papageorgopoulos

‎09-04-2012 09:09 AM

Hello Christos,

That is great, please post the answer and mark the question as answered so future users can learn from you

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Christos Papageorgopoulos
Level 1
Level 1

‎09-04-2012 09:08 AM

Dear all,

Problem was resolved.

thanks

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Christos Papageorgopoulos

‎09-04-2012 09:09 AM

Hello Christos,

That is great, please post the answer and mark the question as answered so future users can learn from you

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Christos Papageorgopoulos
Level 1
Level 1
In response to Julio Carvajal

‎09-04-2012 09:18 AM

Hello Julio,

Actualy there is not problem! packet-tracer show a problem with the access-list but i connected a pc behind the lan and all is working correctly.

thank you and sorry for the inconvenience,

Chris

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Christos Papageorgopoulos

‎09-04-2012 09:34 AM

Hello Christos,

Great, thank you for that information

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card