Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
0
Helpful
0
Replies

Dynamic(Hide) Nat taking precedence over static route

nsb58
Level 1
Level 1

‎06-03-2020 03:46 AM - edited ‎06-03-2020 03:53 AM

Hello Everyone - I am new to Cisco and I might use terminologies or terms that might not sound familiar to you, I apologies in advance for it. 

 

I have Cisco ASA version 9.4(4)17 Firewall with 7.8 ASDM version, I have site-to-site VPN connection to our azure site with Identity NAT enabled for VNETS through inside and outside interface. Recently, I create new VNET in azure and I am trying add it in existing VPN connection and create Identity NAT for it similar to other VNETS. 

 

I create NAT with the following settings similar to other VNET NAT, I can reach my on-prem network fine but I cannot ping VNET from on-prem network. I have Dynamic (Hide) NAT (see below) which is sitting at the end of NAT Rule table, if I move the rule above Dynamic rule I can reach Azure site but then my internal DNS stops working and if I move the rule below Dynamic it is hitting Dynamic (hide) NAT and the packets are dropped. Does anyone know why this is happening.

 

VNET NAT Rule                                                                                            

Capture.PNG

Dynamic(hide) NAT

Capture2.PNG

Rule Order

Capture3.PNG

Packet Trace Result 

Capture4.PNG

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents