02-04-2021 03:29 AM
Hello together, I have a server where I can't change the SNMP daemon port, and it is not 161. And I have a monitoring system where I can't change SNMP to ask at another port than 161. In between there is an ASA, so I thought maybe it's a good idea to just rewrite the destination port in a NAT statement. That's what I have tried so far:
object-group network monitoring
 network-object host 10.0.0.1
object-group network server
 network-object host 10.150.1.1
object service snmp
 service udp destination eq snmp
object service snmp-server
 service udp destination eq 2161
nat (monitor-lan,server-lan) source static monitoring monitoring destination static server server service snmp-server snmp no-proxy-arp route-lookup
But packet-tracer says:
Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate
Also I have tried an SNMP walk from the monitor system to the server; it's not working. And also nothing is working when this entry is added. I can't even ping the server from another system in the monitor-lan, even though it has another IP than 10.0.0.1.
Also I changed static to dynamic, disabled route-lookup, etc. I don't know where the problem is. Maybe someone can help me on this.
02-04-2021 04:52 AM
02-04-2021 05:24 AM - edited 02-04-2021 05:26 AM
Hi,
Here's the output:
asa/pri/act(config)# show nat interface monitor-lan detail
Manual NAT Policies (Section 1)
38 (monitor-lan) to (server) source static monitoring monitoring destination static server server service snmp-server snmp
translate_hits = 0, untranslate_hits = 0
Source - Origin: 10.0.0.1/32, Translated: 10.0.0.1/32
Destination - Origin: 10.150.1.1/32, Translated: 10.150.1.1/32
Service - Origin: udp destination eq 2161 , Translated: udp destination eq snmp
No traffic at all is passing to the server when the rule is applied.