
New Member

source address NAT not working - FWSM

I am doing a source address NAT in FWSM with the following. But sniffing the packet outside FWSM, I don't see the source IP being NAT'ed. Command:

static (DMZ2,DMZ3) 10.1.1.5.0 192.168.50.0 netmask 255.255.255.0

DMZ2 is where the traffic is originated and 192.168.50.x is the subnet on DMZ2. DMZ3 is the other interface whose subnet is 192.168.60.x.

The source IP after NAT'ing should be on 10.1.1.x subnet.

What's wrong in my entry?

6 REPLIES
New Member

Re: source address NAT not working - FWSM

Hi,

This translates DMZ2 (192.168.50.0/24) to the 10.1.1.0/24 subnet when it accesses DMZ3. Please note that your static entry contains five octets in 10.1.1.5.0. Please use

static (DMZ2,DMZ3) 10.1.1.0 192.168.50.0 netmask 255.255.255.0

and try. Please verify the other NAT statements also.

Regards

Jithesh
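
An added example, not part of the original thread or any Cisco tooling: a small Python check that parses a static statement in the form quoted in this thread, rejects malformed addresses such as the five-octet 10.1.1.5.0, and shows which mapped address a given source would get. It assumes a network static maps hosts one-to-one by offset within the subnet; the function names and the sample source 192.168.50.7 are constructed for illustration.

```python
import ipaddress
import re

# Syntax as quoted in the thread:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static\s+\(([^,\s)]+),([^,\s)]+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)$")


def parse_static(line):
    """Parse one static NAT line; raise ValueError on a malformed entry."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("not a static statement: %r" % line)
    real_if, mapped_if, mapped, real, mask = m.groups()
    try:
        # Strict parsing rejects extra octets and host bits set under the mask.
        mapped_net = ipaddress.IPv4Network("%s/%s" % (mapped, mask))
        real_net = ipaddress.IPv4Network("%s/%s" % (real, mask))
    except ValueError as exc:
        raise ValueError("bad address or netmask: %s" % exc)
    return {"real_if": real_if, "mapped_if": mapped_if,
            "real_net": real_net, "mapped_net": mapped_net}


def translate_source(rule, src):
    """Return the mapped address for src, or None if the rule does not match."""
    addr = ipaddress.IPv4Address(src)
    if addr not in rule["real_net"]:
        return None
    # Assumption: host offset inside the real subnet is preserved in the mapped one.
    offset = int(addr) - int(rule["real_net"].network_address)
    return str(rule["mapped_net"].network_address + offset)


if __name__ == "__main__":
    lines = [
        "static (DMZ2,DMZ3) 10.1.1.5.0 192.168.50.0 netmask 255.255.255.0",
        "static (DMZ2,DMZ3) 10.1.1.0 192.168.50.0 netmask 255.255.255.0",
    ]
    for line in lines:
        try:
            rule = parse_static(line)
        except ValueError as exc:
            print("REJECT:", exc)
            continue
        # 192.168.50.7 is a constructed sample source on DMZ2.
        print("OK: 192.168.50.7 ->", translate_source(rule, "192.168.50.7"))
```
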

New Member

Re: source address NAT not working - FWSM

Yup. That was a typo. The actual config is 10.1.5.0.

The source address NAT is not happening. In my case, DMZ2 is not accessing DMZ3, but it is routed out of DMZ3 to a remote network a couple of hops away.

I believe this NAT statement will have a bi-directional effect, i.e. traffic 'originated' from both ends.

New Member

Re: source address NAT not working - FWSM

Hi

For testing, could you please do a static identity NAT like

static (DMZ2,DMZ3) 192.168.50.0 192.168.50.0 netmask 255.255.255.0

and make sure that all other conf is correct.

Regards

Jithesh

New Member

Re: source address NAT not working - FWSM

I am not able to configure static identity NAT as it comes back saying

ERROR: duplicate of existing static.

The previous static configuration exists for actual NAT'ing to 10.x network.

New Member

Re: source address NAT not working - FWSM

Is it possible for you to remove that config, do it in this way, and check the NATing? Afterwards you can replace the old config.

New Member

Re: source address NAT not working - FWSM

If I remove the old config, then how will the NAT'ing happen which was actually intended (i.e. to a different IP)?
