asa 9.1 NAT

imrerajki
Level 1

Hi,

I was looking at many articles about this topic, but couldn't find a solution, maybe my bad.

I am running an ASA5510 with 8.4.2 and everything works well, but the customer wants newer code. I tried 8.4.5, 9.1.1, 9.1.2, 9.1.5, and 9.1.6, and all fail on specific NATs. I couldn't figure out how to make it work.

This is the particular NAT rule:

nat (inside,DMZ) source static EXCHANGE-SRV SPECIAL-DMZ-NAT destination static PORTAL-DMZ-NET PORTAL-DMZ-NET service SMTP SMTP

And the related objects:

object network EXCHANGE-SRV
 host 192.168.0.69
object service SMTP
 service tcp source eq smtp
object network PORTAL-DMZ-NET
 host 172.30.30.12
object network SPECIAL-DMZ-NAT
 host 172.30.30.11

Packet tracer on 9.1.2 says: Connection to PAT address without pre-existing xlate

On all the other versions as well, it looks like NAT is being ignored. I tried object nat, nat without service, and nat without destination; none of those helped, and I am really out of ideas. It is not only a packet tracer issue, as the service is not working during testing.

Thanks for any ideas!

 


Vibhor Amrodia
Cisco Employee

Hi,

This is expected on any 9.x code.

You would have to configure a Static One-One NAT to resolve this issue.

Refer to:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_objects.html#pgfId-1106703

Thanks and Regards,

Vibhor Amrodia

Hi,

I tried that also (referred to in my original post as object nat), but will double-check today. However, with that I cannot specify a destination! (Please correct me if I am wrong.)

I am running many other 9.2 codes with newer platforms and the above command works on all of them, just not here.

Also, in the document you are referring to, this is included:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_rules.html#pgfId-1416253

Can you please point me in the right direction: why would you expect my command not to work?

 

Thanks

Imre
