ASA 9.1 NAT Issue

nigel doe
Level 1

Hi guys,

Strange NAT issue on my ASA 5512 (9.1). I have a site-to-site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule; NAT'd traffic is for any traffic not exempt. Testing to the remote-network was only partially successful, as I was only able to verify connectivity to the mail server; drive mappings constantly failed even though they reside on the same subnet. NAT also failed completely during testing, although I think that is due to the user receiving an APIPA after an accidental reboot and was unable to reach the DHCP server (remote-network).

Network objects:

Inside-Network: 172.19.0.0/24

Remote-Network: 10.202.38.0/24

Vmware: 192.168.1.0/24

Intranet: 192.168.2.0/24

NAT Config:

nat (inside,outside) source static Inside-Network Inside-Network destination static Remote-Network Remote-Network

nat (inside,outside) source static Inside-Network Inside-Network destination static Vmware Vmware

nat (inside,outside) source static Inside-Network Inside-Network destination static Intranet Intranet

nat (any,outside) after-auto source dynamic any interface

I appreciate my NAT commands may be incorrect as I'm only just starting to familiarise myself with 9.1.

Any suggestions are most welcome.

1 Reply

lcambron
Level 3

Hello,

Your NAT rules look good.

How did you test the NAT?

You can use packet tracer to confirm it is configured correctly:

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port

Example:

packet-tracer input inside tcp 172.19.0.5 1025 192.168.1.5 80

Regards,

Felipe.


Remember to rate useful posts.
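
The following is an added example, not part of the thread and not Cisco code: a simplified offline model of how ASA 8.3+ orders NAT rules (manual NAT in section 1 first, then auto NAT, then `after-auto` rules in section 3, first match wins), applied to the four rules and network objects from the question. The destination test addresses, the `dmz` interface name and the `outside-interface` placeholder are assumptions; `packet-tracer` on the device remains the authoritative check.

```python
import ipaddress
from typing import NamedTuple, Optional

# Network objects as listed in the question.
OBJECTS = {
    "Inside-Network": ipaddress.ip_network("172.19.0.0/24"),
    "Remote-Network": ipaddress.ip_network("10.202.38.0/24"),
    "Vmware": ipaddress.ip_network("192.168.1.0/24"),
    "Intranet": ipaddress.ip_network("192.168.2.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

class Rule(NamedTuple):
    section: int        # 1 = manual NAT, 3 = manual NAT with after-auto
    real_if: str        # ingress (real) interface, or "any"
    src: str            # real source object
    dst: Optional[str]  # destination object; None when the rule has no destination clause
    kind: str           # "static-identity" (exemption) or "dynamic-interface" (PAT)

# The four rules from the question, in configuration order.
RULES = [
    Rule(1, "inside", "Inside-Network", "Remote-Network", "static-identity"),
    Rule(1, "inside", "Inside-Network", "Vmware", "static-identity"),
    Rule(1, "inside", "Inside-Network", "Intranet", "static-identity"),
    Rule(3, "any", "any", None, "dynamic-interface"),
]

def evaluate(ingress_if, src_ip, dst_ip):
    """Return (matching rule number, translated source) for a flow egressing outside."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # Lower sections are evaluated first; within a section the first matching line wins.
    ordered = sorted(enumerate(RULES, 1), key=lambda r: (r[1].section, r[0]))
    for line, rule in ordered:
        if rule.real_if not in ("any", ingress_if):
            continue
        if src not in OBJECTS[rule.src]:
            continue
        if rule.dst is not None and dst not in OBJECTS[rule.dst]:
            continue
        if rule.kind == "static-identity":
            return line, src_ip            # exempt: source address is left unchanged
        return line, "outside-interface"   # placeholder for the outside interface address
    return None, src_ip                    # no NAT rule matched

if __name__ == "__main__":
    # Constructed destination addresses, one per object plus an Internet host.
    for dst in ("10.202.38.10", "192.168.1.5", "192.168.2.20", "8.8.8.8"):
        print(dst, evaluate("inside", "172.19.0.5", dst))
```

A flow that returns rule 4 for a destination expected to be exempt indicates a source or destination outside the objects as defined, which is the same mismatch the NAT phase of `packet-tracer` output would show.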