09-17-2007 08:29 AM
I have an ASA5510 for internet access. On the private side, it is on the same LAN as a 2800 series router with multiple GE interfaces, running two subnets. I want to NAT both the subnets from the 2800 series to the ASA5510 using a single dynamic NAT pool.
I can configure one or the other on the the ASA, but not both it seems.
Error is "portmap translation creation failed" for either subnet.
09-17-2007 09:23 AM
Hi
So does your config look something like this ?
ciscoasa(config)# sh running-config nat
nat (inside) 1 192.168.5.0 255.255.255.0
nat (inside) 1 192.168.6.0 255.255.255.0
ciscoasa(config)# sh run
ciscoasa(config)# sh running-config global
global (outside) 1 172.16.5.1-172.16.5.254 netmask 255.255.255.0
Jon
09-18-2007 04:07 AM
Here is what it looks like (IP addresses omitted)
ASA5510Primary# sho running-config nat
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 15 10.100.1.0 255.255.255.0
nat (INSIDE) 15 172.16.1.0 255.255.255.0
nat (DMZ01) 20 10.100.2.0 255.255.255.0
ASA5510Primary# sho running-config global
global (OUTSIDE) 15 X.X.X.X-X.X.X.X netmask 255.255.255.X
global (OUTSIDE) 30 X.X.X.X-X.X.X.X netmask 255.0.0.0
global (OUTSIDE) 10 interface
global (OUTSIDE) 20 X.X.X.X netmask 255.255.255.X
When I add nat (INSIDE) 15 10.100.1.0 255.255.255.0 I start receiving the portmap translation creation failed errors.
It works fine if only one of the nat (INSIDE) statements is present though.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide