NAT issue with ASA

networker99 · ‎11-11-2011

The outside IP on an asa is 1.1.1.1/32 and we are using PAT for inside hosts to connect to the internet and all is working.

The ISP is also routing 2.2.2.2 to 1.1.1.1, and we have a 1 to 1 static for an inside host to that IP address, the traffic arrrives at the ASA outside interface but is not getting though the the inside host

Any ideas? this was working previoulsy

Maykol Rojas · ‎11-11-2011

Hello,

What version are you running?

Mike

networker99 · ‎11-11-2011

8.2(1)

Maykol Rojas · ‎11-11-2011

If you place a capture on the receiving interface, do you see the traffic being routed correctly to the ASA?

access-list cap permit tcp any host 2.2.2.2

access-list cap permit tcp host 2.2.2.2 any

capture test interface access-list cap

Send traffic and then do show cap cap and see if the packets are reaching, if yes but still does not work, please do the following

packet-tracer input tcp 4.2.2.2 1025 2.2.2.2

Check what is the result at the end, if it is being allowed or denied.

Mike

networker99 · ‎11-11-2011

Its being allowed.

Maykol Rojas · ‎11-11-2011

Did the capture showed both direction traffic?

Mike

networker99 · ‎11-11-2011

I see traffic leave, and return.. but the return traffic gets to teh ASA but not the server

Maykol Rojas · ‎11-11-2011

If you put a capture on the server itself, are you able to see the traffic there?

Mike