New Member

asa 5505 as router

Hi,

I have an ASA 5505 set up as a default router for my network, inside address 192.168.32.254. I want to route traffic for 192.168.251.0 to a different inside host, 192.168.32.205.

I included traffic from 192.168.32.0 to 192.168.251.0 in my NAT exempt list.

I have set up a route: route inside 192.168.251.0 255.255.255.0 192.168.32.205

I get a "no translation group" error for traffic from 192.168.32.x to 192.168.251.x.

A packet trace gives me:

packet-tracer input inside icmp 192.168.32.207 0 0 192.168.251.6

Phase: 1

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 2

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 192.168.251.0 255.255.255.0 inside

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 192.168.32.0 255.255.255.0 inside

Phase: 4

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

Phase: 5

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

Additional Information:

Phase: 7

Type: NAT-EXEMPT

Subtype:

Result: ALLOW

Config:

nat (inside) 0 access-list acl_no-nat

match ip inside 192.168.32.0 255.255.255.0 inside 192.168.251.0 255.255.255.0

NAT exempt

translate_hits = 1, untranslate_hits = 0

Additional Information:

Phase: 8

Type: NAT

Subtype:

Result: ALLOW

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Phase: 9

Type: NAT

Subtype: host-limits

Result: ALLOW

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Phase: 10

Type: NAT

Subtype: rpf-check

Result: DROP

Config:

nat (inside) 1 0.0.0.0 0.0.0.0

match ip inside any inside any

dynamic translation to pool 1 (No matching global)

translate_hits = 165, untranslate_hits = 0

Additional Information:

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Can somebody help me out with this?
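Added example, not part of the original post: a trace this long is easier to triage by extracting the first phase whose Result is DROP together with the config lines it matched. The Python sketch below parses packet-tracer text in the layout shown above; the names parse_trace, first_drop and SAMPLE are hypothetical, and SAMPLE is abridged from the posted trace.

```python
import re

# Added example; helper names are illustrative. Constructed sample: phases 7 and 10
# and the result block, abridged from the trace in the post.
SAMPLE = """
Phase: 7
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list acl_no-nat
Phase: 10
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
dynamic translation to pool 1 (No matching global)
Additional Information:
Result:
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    """Split packet-tracer output into per-phase dicts plus the final summary."""
    phases, summary, cur, section = [], {}, None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := re.fullmatch(r"Phase: (\d+)", line):
            cur, section = {"phase": int(m.group(1)), "config": [], "info": []}, None
            phases.append(cur)
        elif line == "Result:":  # bare "Result:" opens the final summary block
            cur, section = None, "summary"
        elif section == "summary":
            key, _, val = line.partition(":")
            summary[key.strip().lower()] = val.strip()
        elif cur is None:
            continue  # text before the first phase, e.g. the command line
        elif line in ("Config:", "Additional Information:"):
            section = "config" if line == "Config:" else "info"
        elif section:
            cur[section].append(line)
        else:  # header fields: Type, Subtype, Result
            key, _, val = line.partition(":")
            cur[key.strip().lower()] = val.strip()
    return phases, summary

def first_drop(text):
    phases, summary = parse_trace(text)
    hit = next((p for p in phases if p.get("result") == "DROP"), None)
    return hit, summary.get("drop-reason")
```

Blank lines are skipped, so the double-spaced form pasted in the post parses the same way as raw CLI output.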

2 REPLIES
Gold

Re: asa 5505 as router

Is the following command configured:

same-security-traffic permit intra-interface

New Member

Re: asa 5505 as router

Yes, same-security-traffic permit intra-interface is enabled.
