NAT not NATTING

jphilope · ‎06-04-2008

Morning,

Well, we tried. But we were unsuccessful. In the last steps of moving our data center, we moved our default route from our old PIX-525 (6.2.3) to the FWSM (4.0.1). So everything looked good. Those hitting the proxy were still working for surfing, but those things that do not use the proxy did not. Things like the mainframe FTP, those who bypass the proxy, etc. Seems they were not NATTING. The xlate table showed the inside 10.0.X.X network was going to the internet as 10.0.X.X. Our global NAT statement is: NAT (Inside) 1 0.0.0.0 0.0.0.0. Should work right??? Any ideas?

We backed out the change.

andrew.prince · ‎06-04-2008

1 thing could be - you probably missed the command :- nat-control

with no nat-control - all traffic passes thru the device un-natt'd!

Configure "nat-control" and test again?

The other thing, that you have not posted up is the global (outside) 1 "x" or "y"

x = interface

y = a specific IP address

HTH.

jphilope · ‎06-04-2008

We do have the global statements on the outside (we called it Internet).

We found the issue. The PAT command was wrong. it was global (Internet) 2 198.185.66.249 Should have been global (Internet) 1 198.185.66.249.

We figured it out when we saw 5 devices getting out on the NAT commands and then nothing more. Ran out of addresses.

It's always something simple...

Thanks.

Jim