
ASA 5520 NAT Failing

rcoote5902_2
Level 2

Reposting in a new thread since the old one seems to have died...

I'm migrating from a PIX 515 to an ASA 5520. The config was created using the PIX to ASA migration tool. The ASDM Packet Tracer shows outbound traffic failing due to NAT.

Config

    nat (inside) 1 0.0.0.0 0.0.0.0
      match ip inside any outside any
        dynamic translation to pool 1 (199.216.81.20)
        translate_hits = 971, untranslate_hits = 74

The old PIX config:

    global (outside) 1 199.216.81.20
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

The new ASA config:

    global (outside) 1 199.216.81.20 netmask 255.255.255.255
    nat (inside) 1 0.0.0.0 0.0.0.0

Any thoughts on why it might be failing?

Rob


"Ever see Office Space? This ASA is looking more and more like the fax machine from that movie... :)"

Is that a movie? Never seen it, but don't despair.

172.16.130.67 is part of the management vlan. What happens if you ping from an internal IP address that is not part of the management vlan? Is this possible?

Jon

Yes it's a movie and I recommend it. :)

Now some good news - I can surf from our remote sites on other subnets. Jon thank you for suggesting that. Some progress!

What do I need to change to allow 172.16.128.0/22 ?

Robert

"What do I need to change to allow 172.16.128.0/22 ?"

Not sure, to be honest. Is there a reason why you want the management vlan to be able to access the Internet, as the management vlan is primarily for managing the ASA device, not providing access?

Office Space - okay, if I can find it I'll have a look, but it had better be good :-)

Jon

It's not actually the management vlan; it's the subnet of our main office where the device is housed. I was using that to remotely configure the device.

Ultimately I need to change the ip/subnet/vlan of the management interface.

Robert

I suspect the issues you are experiencing are to do with the fact you are using the management interface.

It's times like these I wish I had an ASA device to play with :-)

Jon

Jon,

Well, I removed all references to that management interface - shut it right down and unplugged it.

I remain able to surf at our remote sites, but not here at the central office.

Rob
