ASA 9.1 No-NAT IP

support · ‎10-20-2014

Hi

We currently have some ASA5510's running 8.2 and are planning to migrate to ASA5525's running 9.1 but have an issue when trying to upgrade the configuration in that it appears some routes we had are no longer supported so do not come over after the upgrade.

Essentially the 5510 is setup in routed mode and 90% of our addresses are static NAT's from private to public IP's but we have a handful of services which do not like NAT at all so we create a static NAT and then a static route which would route back to one of 5510 interfaces.

Example would be if the external IP we would like to use is 1.1.1.1 and the inside interface had an IP of 192.168.1.1 we would do the following -

static (inside,outside) 1.1.1.1 1.1.1.1

route inside 1.1.1.1 255.255.255.255 192.168.1.1

Then on the server we could configure the NIC with the IP of 1.1.1.1 and the gateway set to 192.168.1.1 and this would work great.

Now on ASA 9.1 the NAT side is fine but when we try to add the route we get -

%Invalid next hop address, it belongs to one of our interfaces

Has anyone else had this issue and if so have you found a workaround?

Cheers

Sean

Tagir Temirgaliyev · ‎10-20-2014

Then on the server we could configure the NIC with the IP of 1.1.1.1 and the gateway set to 192.168.1.1 and this would work great.

==================

how it is possible ? somebody please explain

support · ‎10-20-2014

This was the point of the static route which no longer seems to work on 9.1.

We have tried an ARP alias but this still does not work......

support · ‎11-06-2014

Ok think we have managed to get round this on our own by introducing a router.