Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Natting issue


I have 1 ASA connected with L3 3550 switch in L3 mode. In ASA natting for inside & global outside is configured with proper static routing.

ENd user is being assigned with manual ip. The problem is whenever any end machine comes up in the network automatically it is natted with a public ip from global ip pool configured in the asa.

I blocked the netwbios ports in the switch using acl but still the problem persists.

any suggestion plz..

New Member

Re: Natting issue

if you dont mind post your config.


S.mohana sundaram

New Member

Re: Natting issue



interface GigabitEthernet0/0

description @@@ Connected with Router Gig 0/0/1 @@@

nameif outside

security-level 0

ip address


interface GigabitEthernet0/1

description @@@ Connected with Core Switch @@@

nameif inside

security-level 100

ip address


interface GigabitEthernet0/2

description @@@ DMZ ZONE @@@

nameif dmz

security-level 50

ip address

access-list 110 permit tcp any any eq 53

access-list 110 permit udp any any eq 53

access-list 110 permit tcp any any eq 80

access-list 110 permit tcp any any eq 443

access-list 110 permit tcp any any eq 25

access-list 110 permit tcp any any eq 110

access-list 110 permit icmp any any eq echo-reply

global (outside) 1 netmask

nat (inside) 1

access-group 110 in inerface outside

access-group 110 in inerface inside

access-group 110 in inerface dmz

route outside 1

route inside


L3 Switch:

Int vlan 2

ip address

Int gi0/7

no switchport

ip address

description ### connected with firewall ###

ip route

Re: Natting issue

based on ur config anydevice in network want to go to the internet will use any available ip in ur pool

what u want to do exactly ?

New Member

Re: Natting issue

The problem is: whenever any machine comes up with IP, it automatically gets natted & being asigned a free public ip from the pool.

If i want to access internet then only it should be natted. But in my case if a ping a local machine in the lan, then also using "sh xlate" command i can see that my local ip has been natted with a public ip.