https://community.cisco.com/t5/network-security/asa-9-1-nat-issue/m-p/2487181#M269359 <P>Hi guys,</P><P></P><P>Strange NAT issue on my ASA 5512 (9.1). I have a site to site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule, NAT'd traffic is for any traffic not exempt. Testing to the remote-network was only partially successful as I was only able to verify connectivity to the mail server, drive mappings constantly failed even though the reside on the same subnet. NAT also failed completely during testing although I think that is due to the user receiving an APIPA after an accidental reboot and was unable to reach the DHCP server (remote-network).</P><P></P><P>Network objects:</P><P>Inside-Network: 172.19.0.0/24</P><P>Remote-Network: 10.202.38.0/24</P><P>Vmware: 192.168.1.0/24</P><P>Intranet: 192.168.2.0/24</P><P></P><P>NAT Config:</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Remote-Network Remote-Network</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Vmware Vmware</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Intranet Intranet</P><P>nat (any,outside) after-auto source dynamic any interface</P><P></P><P>I appreciate my NAT commands may be incorrect as i'm only just starting to familiarise myself with 9.1.</P><P></P><P>Any suggestions are most welcome.</P> Tue, 12 Mar 2019 03:47:09 GMT nigel doe 2019-03-12T03:47:09Z https://community.cisco.com/t5/network-security/asa-9-1-nat-issue/m-p/2487181#M269359 <P>Hi guys,</P><P></P><P>Strange NAT issue on my ASA 5512 (9.1). I have a site to site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule, NAT'd traffic is for any traffic not exempt. Testing to the remote-network was only partially successful as I was only able to verify connectivity to the mail server, drive mappings constantly failed even though the reside on the same subnet. NAT also failed completely during testing although I think that is due to the user receiving an APIPA after an accidental reboot and was unable to reach the DHCP server (remote-network).</P><P></P><P>Network objects:</P><P>Inside-Network: 172.19.0.0/24</P><P>Remote-Network: 10.202.38.0/24</P><P>Vmware: 192.168.1.0/24</P><P>Intranet: 192.168.2.0/24</P><P></P><P>NAT Config:</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Remote-Network Remote-Network</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Vmware Vmware</P><P>nat (inside,outside) source static Inside-Network Inside-Network destination static Intranet Intranet</P><P>nat (any,outside) after-auto source dynamic any interface</P><P></P><P>I appreciate my NAT commands may be incorrect as i'm only just starting to familiarise myself with 9.1.</P><P></P><P>Any suggestions are most welcome.</P> Tue, 12 Mar 2019 03:47:09 GMT https://community.cisco.com/t5/network-security/asa-9-1-nat-issue/m-p/2487181#M269359 nigel doe 2019-03-12T03:47:09Z https://community.cisco.com/t5/network-security/asa-9-1-nat-issue/m-p/2487182#M269363 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Your NAT rules look good.</P><P>How did you test the NAT?</P><P>You can use packet tracer to confirm it is configured correctly:</P><P></P><PRE><CODE> packet-tracer input [src_int] protocol src_addr src_port dest_addr&nbsp; dest_port <BR /><BR />Example:<BR /><BR />packet input inside tcp 172.19.0.5 1025 192.168.1.5 80<BR /><BR />Regards,<BR /><BR />Felipe.<BR /><BR /> <BR />Remember to rate useful posts. </CODE></PRE></BODY></HTML> Wed, 19 Feb 2014 00:57:57 GMT https://community.cisco.com/t5/network-security/asa-9-1-nat-issue/m-p/2487182#M269363 lcambron 2014-02-19T00:57:57Z