Cisco Support Community

New Member

I have a very strange NAT situation

I have two desktops in one department on one side of an ASA 5505 natted through to addresses on the other side of the firewall.

The ACLs allow ICMP in both directions. I can remote desktop to one desktop and not the other. I can ping the same desktop and not the other. Has anyone seen this? Is there a limit to the number of NAT statements allowed?

6 REPLIES

Re: I have a very strange NAT situation

Hi,

There's a limit for the amount of translations but we are talking hundreds.

If you can access one machine but not the other, it is one of two things:

1. Problem with the computer itself (not having default gateway for example or not allowing RD)

2. Misconfiguration on the ASA.

Can you RD to the machine from the same segment where it resides?

Federico.

New Member

Re: I have a very strange NAT situation

I can remote desktop into both computers when I am on a computer on their side of the firewall.

Computer 1, with an IP of 192.168.1.237, can be pinged, but Computer 2, with an IP of 192.168.1.238, cannot.

They are both statically natted through the ASA 5505 to addresses 10.54.209.237 and 10.54.209.238 respectively. I have modified the ACLs to permit IP, TCP, UDP, GRE and ICMP to both those addresses.

Computer 1 is reachable, computer 2 is not.

Cisco Employee

Re: I have a very strange NAT situation

1) Can you share the configuration of the ASA?

2) How are these desktops connected? Through a switch with a VLAN, or a switchport on the ASA?

3) Is the default gateway set on the desktop that doesn't work the same as on the other desktop?

Cisco Employee

Re: I have a very strange NAT situation

Hello,

Make sure you have the 2nd PC responding correctly. The best way to check whether the ASA is actually getting packets on its outside interface for the particular connection is via packet captures.

Also, if you have an ASA with 7.2 or higher code, you can use packet-tracer to verify the connectivity. Make sure the hops (router, etc.) have allowed the connection to the IP address of the second PC.

Thanks,

Vijaya
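
The capture and packet-tracer checks suggested above, as an added example that is not part of the original thread. It assumes the interfaces are named `outside` (the 10.54.209.x side) and `inside` (the 192.168.1.x side) and uses 10.54.209.50 as a placeholder for the test client; the ACL and capture names are made up for the example.

```cisco
! Constructed example. Assumed: nameif "outside"/"inside";
! 10.54.209.50 is a placeholder test client, not an address from the thread.

! Configuration mode: ACLs that match only the test ping.
! On the outside the second PC is seen by its translated address ...
access-list CAP_OUT extended permit icmp host 10.54.209.50 host 10.54.209.238
access-list CAP_OUT extended permit icmp host 10.54.209.238 host 10.54.209.50
! ... and on the inside by its real address.
access-list CAP_IN extended permit icmp host 10.54.209.50 host 192.168.1.238
access-list CAP_IN extended permit icmp host 192.168.1.238 host 10.54.209.50

! Privileged EXEC: start one capture per interface.
capture capout access-list CAP_OUT interface outside
capture capin access-list CAP_IN interface inside

! Ping 10.54.209.238 from the test client, then read both captures.
show capture capout
show capture capin

! Simulate the same echo request (ICMP type 8, code 0) through the
! ASA's NAT and ACL checks without generating real traffic.
packet-tracer input outside icmp 10.54.209.50 8 0 10.54.209.238 detailed

! Clean up the captures and the temporary ACLs.
no capture capout
no capture capin
clear configure access-list CAP_OUT
clear configure access-list CAP_IN
```

An echo request in `capin` with no echo reply means the ASA translated and forwarded the packet and the fault is behind it, on the host or its return path. Nothing in `capout` means the packet never reached the firewall.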

New Member

Re: I have a very strange NAT situation

Thank you for your response. It turned out the default gateway was wrong on the PC that did not respond.

New Member

Re: I have a very strange NAT situation

Thank you for your response. It turns out the default gateway was wrong on the PC that did not work.
