
ASA 5515 9.4 NAT Conundrum

artemis88
Level 1

All,

I've recently started to configure a NAT'ing policy for a Cisco ASA 5515 (using FirePower) and I have run into some seriously odd issues. Here's the basic scope.

Physical Config:

Single upstream (1 public in a /26) link on ASA; rest are downstream.

I have multiple public IPs statically being NAT'd to multiple private IPs within the network. They exist in the /26 but do not exist in the configuration of any interfaces.

I want to specifically NAT all outgoing traffic to a single IP as the primary internet drain (again inside the /26 but not on the outgoing interface).

There are two weird things happening:

1. My basic intrinsic NAT for internet drain does not function unless I modify the global_access access list which is not something I want to do.

2. I have my basic NAT set as a static, not a dynamic, yet it still functions as a dynamic PAT on a single IP.

The 9.4 NAT documentation seems rather confused on how to properly attain this. Does anyone have any suggestions? I'm rather stumped, as based on the documentation my config should not even work.

Thank you,

NOTE: I can provide a heavily obfuscated config.

Just wondering if people have seen this issue. The documentation is rife with contradictions and false leads as to what my issue is.

Thank you,

5 Replies

Andre Neethling
Level 4

Post the config please?