02-04-2021 03:29 AM
Hello together, I have a server where I can't change the SNMP daemon port, which is not 161, and I have a monitoring system where I can't change SNMP to ask at a port other than 161. In between there is an ASA, so I thought maybe it's a good idea to just rewrite the destination port in a NAT statement. That's what I have tried so far:
object-group network monitoring
 network-object host 10.0.0.1
object-group network server
 network-object host 10.150.1.1
object service snmp
 service udp destination eq snmp
object service snmp-server
 service udp destination eq 2161
nat (monitor-lan,server-lan) source static monitoring monitoring destination static server server service snmp-server snmp no-proxy-arp route-lookup
But packet-tracer says:
Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate
I have also tried an SNMP walk from the monitor system to the server; it's not working. Also, nothing is working when this entry is added. I can't even ping the server from another system in the monitor-lan, even though it has an IP other than 10.0.0.1.
I also changed static to dynamic, disabled route-lookup, etc. I don't know where the problem is. Maybe someone can help me with this.
02-04-2021 04:52 AM
02-04-2021 05:24 AM - edited 02-04-2021 05:26 AM
Hi,
Here's the output:
asa/pri/act(config)# show nat interface monitor-lan detail
Manual NAT Policies (Section 1)
38 (monitor-lan) to (server) source static monitoring monitoring destination static server server service snmp-server snmp
translate_hits = 0, untranslate_hits = 0
Source - Origin: 10.0.0.1/32, Translated: 10.0.0.1/32
Destination - Origin: 10.150.1.1/32, Translated: 10.150.1.1/32
Service - Origin: udp destination eq 2161 , Translated: udp destination eq snmp
No traffic at all is passing to the server when the rule is applied.