We had an issue today at one of the unmanned locations. When the local tech went on site he was not able to reach anything on the internet. I started troubleshooting and noticed no entries in the xlate table. The NAT statements were all correct so this was rather puzzling.
I proceeded to stare and compare this site with a working one. I noticed that some inspection, service-policy and global-policy statements were missing. I knew that inspection shouldn't be a culprit of this, but I went ahead and pasted in everything that was missing:
policy-map type inspect dns preset_dns_map
message-length maximum 512
inspect dns preset_dns_map
service-policy global_policy global
After the config was applied, entries in the xlate table started to generate and everything was good.
Now I did some research on the internet but couldn't find an answer to my question. Can somebody help me understand which line exactly fixed this issue (I know it wasn't the inspection that I applied)? Does this have to do with missing service-policy that points to global_policy statement?
Without knowing what commands you had previously and what was exactly added after, we cannot say which command fixed the issue.
You can apply the commands one per line to see what command fixed your issue if you want to do that, but this will require you to remove the syntax first, which can cause service interruption.
I suggest reading the ASA NAT Implementation Guide to get an understanding of ASA NAT, which I think will be more helpful.
Well, we know exactly what I added... It's in the body of my original post...
Obviously I can't remove those commands now and add them line by line because that would break internet for the site...
I already read through the link you mentioned. There is nothing there in regards to the commands I applied to fix this issue.
Provide the following information:
>> ASA version.
>> Mode: routed/transparent?
>> single/multiple context?
>> failover/standalone?