11-25-2010 02:18 AM
I have set up a small LAN at 192.168.30.x and configured anytime clients on 192.168.31.x. Also, when I get this to work, I will have a remote network over an IPsec tunnel at 192.168.1.x. I want 30.x IPs NATed when accessing the internet (31.x and 1.x don't need internet). I haven't used NAT in Cisco switches before, so I'm a bit lost.
object network Net30
range 192.168.30.5 192.168.30.36
object network Net30
nat (inside,outside) dynamic interface
This is what I have placed in my config to NAT 30.x, but when I did, 31.x IPs stopped working, and "Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.31.11 dst inside:192.168.30.5 (type 8, code 0) denied due to NAT reverse path failure" turns up in the log files. I have tried a few different setups and also tried to find config examples on the net, but they are mostly for pre-ASA 8.3. Please help; full config attached (probably with a few junk lines from many hours of fiddling).
11-25-2010 02:44 PM
On top of the NAT that you already configured, you also need the following NAT exemption:
object network obj-192.168.31.0
subnet 192.168.31.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.30.0
subnet 192.168.30.0 255.255.255.0
nat (inside,outside) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.31.0 obj-192.168.31.0
nat (inside,outside) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.1.0 obj-192.168.1.0
And of course "clear xlate" after the above changes.
Hope that helps.
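The following is an added example, not part of the original thread or of any Cisco tooling: a simplified Python model of why the log shows a NAT reverse path failure before the exemption and not after. It assumes that manual (twice) NAT rules sit in section 1 and are evaluated before object NAT in section 2, that dynamic PAT matches only inside-initiated flows, and that the reverse path check requires both directions of a connection to select the same rule; rule names and the 8.8.8.8 destination are constructed for illustration.

```python
import ipaddress as ip

def in_net(cidr):
    net = ip.ip_network(cidr)
    return lambda addr: ip.ip_address(addr) in net

def in_range(lo, hi):
    lo, hi = ip.ip_address(lo), ip.ip_address(hi)
    return lambda addr: lo <= ip.ip_address(addr) <= hi

class Rule:
    """One NAT rule, seen from the inside interface (simplified model)."""
    def __init__(self, name, section, src, dst=None, bidirectional=False):
        self.name, self.section = name, section
        self.src, self.dst, self.bidirectional = src, dst, bidirectional

    def matches(self, inside_host, outside_host, inbound):
        # Dynamic PAT is unidirectional: it never matches outside-initiated flows.
        if inbound and not self.bidirectional:
            return False
        return self.src(inside_host) and (self.dst is None or self.dst(outside_host))

def lookup(rules, inside_host, outside_host, inbound):
    # Section 1 (manual/twice NAT) is consulted before section 2 (object NAT).
    for rule in sorted(rules, key=lambda r: r.section):
        if rule.matches(inside_host, outside_host, inbound):
            return rule.name
    return None

def rpf_check(rules, outside_host, inside_host):
    """Return (permitted, forward_rule, reverse_rule) for an outside-initiated flow."""
    fwd = lookup(rules, inside_host, outside_host, inbound=True)
    rev = lookup(rules, inside_host, outside_host, inbound=False)
    return fwd == rev, fwd, rev

# The poster's object NAT and the two identity (exemption) rules from the answer.
PAT = Rule("Net30 dynamic interface", 2, in_range("192.168.30.5", "192.168.30.36"))
EXEMPT_31 = Rule("identity 30.0 to 31.0", 1, in_net("192.168.30.0/24"),
                 in_net("192.168.31.0/24"), bidirectional=True)
EXEMPT_1 = Rule("identity 30.0 to 1.0", 1, in_net("192.168.30.0/24"),
                in_net("192.168.1.0/24"), bidirectional=True)
BEFORE = [PAT]
AFTER = [PAT, EXEMPT_31, EXEMPT_1]

if __name__ == "__main__":
    # The ICMP flow from the log message: outside 192.168.31.11 to inside 192.168.30.5.
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, rpf_check(rules, "192.168.31.11", "192.168.30.5"))
    # Internet-bound traffic from 30.x still falls through to the dynamic PAT rule.
    print(lookup(AFTER, "192.168.30.5", "8.8.8.8", inbound=False))
```
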