Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT doesn't work

Hello all,

I've a problem that is making me crazy.. I've configured a lot of PIX and ASA v. 7, now I'm configuring for the first time an ASA with sw 8.2.

The config that I want to make is very simple: dynamic NAT for the inside client and some static for the server.

The problem is that when I configure the static for the server they don't work and the server stop to surf internet.

my wan side network is xx.xxx.32.59/29 and inside 192.168.9.0/24, the ip assigned to the asa is xx.xxx.32.62 and the wan router of our provider xx.xxx.32.57.

This is the config that I've put:

access-list nat0 extended permit ip 192.168.9.0 255.255.255.0 10.0.9.0 255.255.255.0
access-list acl_out extended permit icmp any any
access-list acl_out extended permit ip MILAN-WAN 255.255.255.224 xx.xxx.32.56 255.255.255.248
access-list acl_out extended permit tcp any host xx.xxx.32.60 object-group Polycom
access-list acl_out extended permit udp any host xx.xxx.32.60 object-group Polycom

nat (inside) 0 access-list nat0
nat (inside) 1 192.168.9.0 255.255.255.0

static (inside,outside) xx.xxx.32.59 192.168.9.106 netmask  255.255.255.255

static (inside,outside) xx.xxx.32.61 192.168.9.101 netmask  255.255.255.255

static (inside,outside) xx.xxx.32.60 192.168.9.33 netmask  255.255.255.255


access-group acl_out in interface outside

route outside 0.0.0.0 0.0.0.0 xx.xx.32.57 1

What's wrong?

Thanks,

   Fabio

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NAT doesn't work

Nothing is wrong as far as the configuration is concern.

Just double check that the router has the mac address of the ASA outside interface for all the virtual ip addresses that you configured on the static NAT statements.

Most times, clear arp on the router OR/ reloading the internet router resolve the issue.

Lastly, I assume that you have not turned off proxy arp on the ASA outside interface. Check "sh run all sysopt", and you should see "no sysopt noproxyarp outside" command.

Hope that helps.

2 REPLIES
Cisco Employee

Re: NAT doesn't work

Nothing is wrong as far as the configuration is concern.

Just double check that the router has the mac address of the ASA outside interface for all the virtual ip addresses that you configured on the static NAT statements.

Most times, clear arp on the router OR/ reloading the internet router resolve the issue.

Lastly, I assume that you have not turned off proxy arp on the ASA outside interface. Check "sh run all sysopt", and you should see "no sysopt noproxyarp outside" command.

Hope that helps.

New Member

Re: NAT doesn't work

Thanks, adding "no sysopt noproxyarp outside" has solved my problem!

187
Views
0
Helpful
2
Replies