cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


182
Views
0
Helpful
1
Replies
Beginner

PAT pool problems. On 6.4.x. Found known issue for 6.3. How can I do this?

2130 HA pair running 6.4.0.1.

 

I am setting up outgoing NAT/PAT. There are several internal interfaces with their own private subnets. My intent is to IP masquerade all outgoing connections from internal private subnet A to a pool of public IP's on my external interface using a PAT pool without round robin.

 

I configured the first internal subnet to do Auto dynamic NAT with the interface object defined for source and destination and set the Translated Object to be "Address" and put in the IP address of the external interface. By setting it to "Address" versus "Destination interface IP" it enabled the checkbox to enable a PAT pool. 

However when I go to save the config it errors out with this text

 

 

 

"Translated Source or Original Destination network IP address cannot overlap with Interface Ip address 

IP address overlap configurations observed for following interface configurations :

Interface Object [outside] having interfaces [outside] of device FTDv1

Specify Interface Object or specify an alternate IP address for Network Translation"

This is puzzling since of course the Translated address need to be defined on a firewall interface right?

 

I found this KB article referencing 6.3.0 which seems to indicate it is a bug, but it still doesnt work in 6.4.0.1

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvo68820

 

The only way I could get any sort of NAT to work was to do Auto Dynamic and not choose Address for the Translated field but use "Destination interface IP". But then PAT Pool is greyed out!

 

So at this point, all I can do is setup multiple rules that define the internal source private subnets/interfaces to NAT to the single external interface IP. 

 

But what I want is the following

Internal Private Subnet A -->  PAT pool of public ip's on the external interface public /23 subnet. X.X.X.1-X.X.X.4

Internal Private Subnet B -->  NAT/PAT to a different public ip on the external interface public /23 X.X.X.5

Internal Private Subnet C --> NAT/PAT to a different public ip on the external interface public /23 X.X.X.6

 

Appreciate any insights

1 REPLY 1
Beginner

Re: PAT pool problems. On 6.4.x. Found known issue for 6.3. How can I do this?

I think I may have figured this out. Here is what I did

 

 

On the Translation tab, I set the Translated Packet to "Address" but then just left it blank. Then went to the PAT Pool tab and set PAT to Address and selected an Object with a range of sequential public IP's

 

Is that the solution?