Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

NAT not NATTING

Morning,

Well, we tried. But we were unsuccessful. In the last steps of moving our data center, we moved our default route from our old PIX-525 (6.2.3) to the FWSM (4.0.1). So everything looked good. Those hitting the proxy were still working for surfing, but those things that do not use the proxy did not. Things like the mainframe FTP, those who bypass the proxy, etc. Seems they were not NATTING. The xlate table showed the inside 10.0.X.X network was going to the internet as 10.0.X.X. Our global NAT statement is: NAT (Inside) 1 0.0.0.0 0.0.0.0. Should work right??? Any ideas?

We backed out the change.

2 REPLIES

Re: NAT not NATTING

1 thing could be - you probably missed the command :- nat-control

with no nat-control - all traffic passes thru the device un-natt'd!

Configure "nat-control" and test again?

The other thing, that you have not posted up is the global (outside) 1 "x" or "y"

x = interface

y = a specific IP address

HTH.

New Member

Re: NAT not NATTING

We do have the global statements on the outside (we called it Internet).

We found the issue. The PAT command was wrong. it was global (Internet) 2 198.185.66.249 Should have been global (Internet) 1 198.185.66.249.

We figured it out when we saw 5 devices getting out on the NAT commands and then nothing more. Ran out of addresses.

It's always something simple...

Thanks.

Jim

120
Views
5
Helpful
2
Replies
CreatePlease to create content