Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT for multiple private subnets

I have an ASA5510 for internet access. On the private side, it is on the same LAN as a 2800 series router with multiple GE interfaces, running two subnets. I want to NAT both the subnets from the 2800 series to the ASA5510 using a single dynamic NAT pool.

I can configure one or the other on the the ASA, but not both it seems.

Error is "portmap translation creation failed" for either subnet.

2 REPLIES
Hall of Fame Super Blue

Re: NAT for multiple private subnets

Hi

So does your config look something like this ?

ciscoasa(config)# sh running-config nat

nat (inside) 1 192.168.5.0 255.255.255.0

nat (inside) 1 192.168.6.0 255.255.255.0

ciscoasa(config)# sh run

ciscoasa(config)# sh running-config global

global (outside) 1 172.16.5.1-172.16.5.254 netmask 255.255.255.0

Jon

New Member

Re: NAT for multiple private subnets

Here is what it looks like (IP addresses omitted)

ASA5510Primary# sho running-config nat

nat (INSIDE) 0 access-list INSIDE_nat0_outbound

nat (INSIDE) 15 10.100.1.0 255.255.255.0

nat (INSIDE) 15 172.16.1.0 255.255.255.0

nat (DMZ01) 20 10.100.2.0 255.255.255.0

ASA5510Primary# sho running-config global

global (OUTSIDE) 15 X.X.X.X-X.X.X.X netmask 255.255.255.X

global (OUTSIDE) 30 X.X.X.X-X.X.X.X netmask 255.0.0.0

global (OUTSIDE) 10 interface

global (OUTSIDE) 20 X.X.X.X netmask 255.255.255.X

When I add nat (INSIDE) 15 10.100.1.0 255.255.255.0 I start receiving the portmap translation creation failed errors.

It works fine if only one of the nat (INSIDE) statements is present though.

168
Views
0
Helpful
2
Replies