New Member

Dual Outside / Single Inside NAT on 5550 8.2

Hoping someone can help me figure this one out...

Inside GE0/0 M.M.M.M---------------ASA-----------------Outside N GE1/0 N.N.N.N

                                                         ----------------Outside P GE1/1 P.P.P.P

Global (Outside N) 1 interface

Global (Outside P) 2 interface

Nat (Inside) 1 0.0.0.0 0.0.0.0

route Outside N    0.0.0.0     0.0.0.0                  N.N.N.1

route Inside          M.M.M.M 255.255.255.255    M.M.M.1

route Outside P    P.P.P.P   255.255.0.0           P.P.P.1

static (Inside, Outside N) N.N.N.X    M.M.M.X  netmask 255.255.255.255 - this one works fine

static (Inside, Outside P) P.P.P.X    M.M.M.X  netmask 255.255.255.255 - this one does NOT work

dynamic (ping) from M.M.M.X to P.P.P.X does not work

In the log, I am getting a "portmap translation creation failed for icmp src" Inside dst Outside P

On show nat I see this...

match IP Inside any Outside P any

   dynamic translation to pool 1 (No matching global)

   translate_hits = 482, untranslate_hits = 0

Help :-(


Ed

5 REPLIES

Dual Outside / Single Inside NAT on 5550 8.2

You have a global for P, but not a NAT. See if you can add-

nat (Inside) 2 0 0
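The ID pairing behind the "(No matching global)" line in the original post, as an added example that is not part of any poster's message: on pre-8.3 ASA software, a `nat` ID is translated only through a `global` carrying the same ID on the egress interface. The sample config is constructed from the post's anonymised lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the anonymised nat/global lines from the original post.
# Interface names are kept as written there (a real nameif has no spaces).
SAMPLE_CONFIG = """\
Global (Outside N) 1 interface
Global (Outside P) 2 interface
Nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside, Outside N) N.N.N.X M.M.M.X netmask 255.255.255.255
"""

# Matches "nat (ifname) <id> ..." and "global (ifname) <id> ..." only.
RULE = re.compile(r"^\s*(nat|global)\s+\(\s*([^)]+?)\s*\)\s+(\d+)\b", re.I)

def parse_rules(config):
    """Return ({nat_if: {ids}}, {global_if: {ids}}) for pre-8.3 syntax."""
    nats, globals_ = defaultdict(set), defaultdict(set)
    for line in config.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # static, route and other lines are ignored
        kind, ifname, nat_id = m.group(1).lower(), m.group(2), int(m.group(3))
        if nat_id == 0:
            continue  # nat 0 is identity/exemption and needs no global
        (nats if kind == "nat" else globals_)[ifname].add(nat_id)
    return nats, globals_

def audit(config):
    """Report nat IDs with no same-ID global on an egress interface,
    and global IDs that no nat statement references."""
    nats, globals_ = parse_rules(config)
    all_nat_ids = set().union(*nats.values()) if nats else set()
    missing = [(src, egress, i)
               for src, ids in sorted(nats.items())
               for i in sorted(ids)
               for egress, g_ids in sorted(globals_.items())
               if egress != src and i not in g_ids]
    unused = [(egress, i)
              for egress, g_ids in sorted(globals_.items())
              for i in sorted(g_ids - all_nat_ids)]
    return {"no_matching_global": missing, "unused_global": unused}

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_CONFIG).items():
        for row in rows:
            print(kind, row)
```
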

New Member

Dual Outside / Single Inside NAT on 5550 8.2

CLI says "Duplicate NAT Entry"

It's a shared inside interface for both outside interfaces, that is what is throwing me for a loop.  One idea I have is to create a second physical connection on the inside, use the ASA just as two firewalls in one and move the routing back to the core switch (4510).

Dual Outside / Single Inside NAT on 5550 8.2

Share the entire configuration to see what is missing, because I also thought what Collin suggested was the issue.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com


Dual Outside / Single Inside NAT on 5550 8.2

So you're running an ACTIVE/ACTIVE failover with two ASAs? And you have shared interfaces for both 'inside' and 'outside'?

New Member

Dual Outside / Single Inside NAT on 5550 8.2

Single firewall with links from one internal private network to two external private networks.

End result seems to be that the ASA cannot do the VRF routing that is needed for this application.  I moved the routing point back to the 4510 core and just used the ASA as two independent NAT/Firewalls and it is working now.
