ASA 9.1 NAT Issue

nigel doe
Beginner

Hi guys,

Strange NAT issue on my ASA 5512 (9.1). I have a site-to-site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule; NAT'd traffic is for any traffic not exempt. Testing to the remote-network was only partially successful as I was only able to verify connectivity to the mail server; drive mappings constantly failed even though they reside on the same subnet. NAT also failed completely during testing although I think that is due to the user receiving an APIPA after an accidental reboot and was unable to reach the DHCP server (remote-network).

Network objects:

Inside-Network: 172.19.0.0/24

Remote-Network: 10.202.38.0/24

Vmware: 192.168.1.0/24

Intranet: 192.168.2.0/24

NAT Config:

nat (inside,outside) source static Inside-Network Inside-Network destination static Remote-Network Remote-Network

nat (inside,outside) source static Inside-Network Inside-Network destination static Vmware Vmware

nat (inside,outside) source static Inside-Network Inside-Network destination static Intranet Intranet

nat (any,outside) after-auto source dynamic any interface

I appreciate my NAT commands may be incorrect as I'm only just starting to familiarise myself with 9.1.

Any suggestions are most welcome.

1 Reply

lcambron
Participant

Hello,

Your NAT rules look good.

How did you test the NAT?

You can use packet tracer to confirm it is configured correctly:

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port

Example:

packet-tracer input inside tcp 172.19.0.5 1025 192.168.1.5 80

Regards,

Felipe.


Remember to rate useful posts.
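
An added example, not part of either post above: a small Python model of how the ASA picks a NAT rule for the configuration in the question (section 1 manual rules in order, then the section 3 "after-auto" rule, first match wins), useful for predicting what packet-tracer should report. It assumes every flow enters on inside and leaves on outside; the host addresses in FLOWS are constructed samples.

```python
import ipaddress

# Network objects exactly as listed in the question.
OBJECTS = {
    "Inside-Network": "172.19.0.0/24",
    "Remote-Network": "10.202.38.0/24",
    "Vmware": "192.168.1.0/24",
    "Intranet": "192.168.2.0/24",
    "any": "0.0.0.0/0",
}

# (section, kind, source object, destination object) in configured order.
# Section 1 = manual NAT; section 3 = manual NAT entered with "after-auto".
# The after-auto rule has no destination clause, so it matches any destination.
RULES = [
    (1, "static", "Inside-Network", "Remote-Network"),
    (1, "static", "Inside-Network", "Vmware"),
    (1, "static", "Inside-Network", "Intranet"),
    (3, "dynamic", "any", "any"),
]

def _in(addr, obj):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(OBJECTS[obj])

def match_nat(src, dst):
    """Return (rule_number, action) for the first rule matching the flow."""
    # Stable sort keeps configured order inside each section.
    ordered = sorted(enumerate(RULES, 1), key=lambda r: r[1][0])
    for num, (_section, kind, src_obj, dst_obj) in ordered:
        if _in(src, src_obj) and _in(dst, dst_obj):
            if kind == "static":
                return num, "exempt (identity NAT)"
            return num, "PAT to outside interface"
    return None, "no NAT rule matched"

# Constructed sample flows (illustrative host addresses).
FLOWS = [
    ("172.19.0.5", "10.202.38.10"),    # inside host to the remote site
    ("172.19.0.5", "192.168.1.5"),     # inside host to Vmware
    ("172.19.0.5", "203.0.113.10"),    # inside host to a non-exempt address
    ("169.254.10.20", "10.202.38.10"), # APIPA-addressed host to the remote site
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        num, action = match_nat(src, dst)
        print(f"{src:>15} -> {dst:<15} rule {num}: {action}")
```

A host with a 169.254.x.x address is outside Inside-Network, so in this model it skips the three exemption rules and lands on the dynamic rule.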