Dynamic NAT rule on second interface breaks first interface NAT
I have a Cisco ASA 5510 and I'm trying to add a dynamic NAT rule on a sub-interface so that internet traffic will work. When I add the rule it breaks VoIP inbound calls on a different sub-interface. The VoIP is set up using Asterisk and Sipgate and is working via dynamic NAT, as there are no inbound rules for it.
Below is more detail on the setup.
The 'inside' interface is where the Asterisk server is located.
ip address *.*.*.161 255.255.255.255
no ip address
ip address 192.168.1.254 255.255.255.0
ip address 22.214.171.124 255.255.0.0
With the following NAT rules setup for the inside interface:
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
This works, except there is no internet access on the inside2 interface. I need to add the following rule:
Re: Dynamic NAT rule on second interface breaks first interface
I would suggest "sh xlate detb | i *.*.*.161" and "sh conn detail | i *.*.*.226" while the issue is happening. And also a "debug sip".
Those will show what connections and xlates are set for these IP addresses and what pinholes are opened dynamically.
Also, a test to try would be to make your nats (inside) and (inside2) more explicit so they contain only the subnets for the internal hosts behind these interfaces, because sometimes overlapping nats could relate to pinholes not opened properly with inspections.