Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Static NAT problems

Hi there.

I have this very strange problem. Can someone explain me why this is happening? I have two static. One of them is working fine. But the another seems to go thoug diffrent interface (mynoc).

Config:

               

static (dmz,outside) AA AB netmask 255.255.255.255

static (dmz,outside) AAA ABB netmask 255.255.255.255

Pacet trace result

This one is chosing wrong interface?

Phase: 8
Type: NAT
Subtype:
Result: ALLOW
Config:
static (dmz,outside) AA AB netmask 255.255.255.255
nat-control
  match ip dmz host AB outside any
    static translation to AA
    translate_hits = 561, untranslate_hits = 0
Additional Information:
Static translate AB/0 to AA/0 using netmask 255.255.255.255

Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (dmz,mynoc) AA AA netmask 255.255.255.0
nat-control
  match ip dmz AB 255.255.255.0 dnoc any
    static translation to AB
    translate_hits = 833229, untranslate_hits = 189
Additional Information:


This one is working fine:

Phase: 8
Type: NAT
Subtype:
Result: ALLOW
Config:
static (dmz,outside) AAA ABB netmask 255.255.255.255
nat-control
  match ip dmz host ABB outside any
    static translation to AAA
    translate_hits = 10882, untranslate_hits = 99015
Additional Information:
Static translate ABB/0 to AAA/0 using netmask 255.255.255.255

Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (dmz,outside) AAA ABB netmask 255.255.255.255
nat-control
  match ip dmz host ABB outside any
    static translation to AAA
    translate_hits = 10882, untranslate_hits = 99015
Additional Information:

2 REPLIES
Red

Static NAT problems

Hi,

You seem to have two conflicting static:

static (dmz,mynoc) AA AB netmask 255.255.255.0

static (dmz,outside) AA AB netmask 255.255.255.255

Can you please let me know which one is correct, because the first one has a mask of /24

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Re: Static NAT problems

Sorry my mistake.

This one is correct one.

static (dmz,mynoc) AA AA netmask 255.255.255.0

static (dmz,outside) AB AA netmask 255.255.255.255

Do you have any idea?

272
Views
0
Helpful
2
Replies
CreatePlease to create content