Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5510, static NAT translation

I have a 5510 with dynamic NAT and serveral static translation.  The dynamic NAT is working fine, but for some reason I only see untranslate hits from the Static NAT translation and no translate:

   match ip inside host 192.168.24.65 outside any
    static translation to 72.233.68.6
    translate_hits = 0, untranslate_hits = 899
  match ip inside host 192.168.24.20 outside any
    static translation to 72.233.68.10
    translate_hits = 0, untranslate_hits = 572
  match ip inside any outside any
    dynamic translation to pool 1 (72.233.68.2 [Interface PAT])
    translate_hits = 7035, untranslate_hits = 58

My nat configuration is as follows:

nat (DMZ) 0 access-list no-nat
nat (DMZ) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 72.233.68.5 192.168.24.5 netmask 255.255.255.255 dns
static (inside,outside) 72.233.68.6 192.168.24.65 netmask 255.255.255.255 dns
static (inside,outside) 72.233.68.10 192.168.24.20 netmask 255.255.255.255

access-list no-nat extended permit ip 192.168.24.0 255.255.255.0 10.1.24.0 255.255.255.0

Any ideas what dcould be causing this?  Client cant get thru to there servers.

1 REPLY

Re: 5510, static NAT translation

Hi,

Keep in mind that policy NAT has priority over static NAT, therefore if you have an ACL applied to a dynamic NAT statement, it will have precedence over static NATs.

Check the XLATE table and see if the servers are getting hit in the acl nonat before looking at the static.

This would explain the untranslated behavior.

Federico.

361
Views
0
Helpful
1
Replies