
asa nat destination port rewrite

daniel f.

Hello all, I have a server where I can't change the SNMP daemon port, which is not 161, and I have a monitoring system where I can't change SNMP to query a port other than 161. In between there is an ASA, so I thought maybe it's a good idea to just rewrite the destination port in a NAT statement. That's what I have tried so far:

object-group network monitoring
 network-object host 10.0.0.1

object-group network server
 network-object host 10.150.1.1

object service snmp
 service udp destination eq snmp
object service snmp-server
 service udp destination eq 2161

nat (monitor-lan,server-lan) source static monitoring monitoring destination static server server service snmp-server snmp no-proxy-arp route-lookup

But packet-tracer says:

Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate

Also, I have tried an SNMP walk from the monitoring system to the server; it's not working. Also, nothing is working when this entry is added. I can't even ping the server from another system in the monitor-lan, even though it has a different IP than 10.0.0.1.

Also, I changed static to dynamic, disabled route-lookup, etc. I don't know where the problem is. Maybe someone can help me with this.

2 Replies

Hi,

Remove these two, no-proxy-arp and route-lookup, and try again. Then post the output of:
show nat interface monitor-lan detail


**** please remember to rate useful posts

Hi,

Here's the output:

asa/pri/act(config)# show nat interface monitor-lan detail
Manual NAT Policies (Section 1)
38 (monitor-lan) to (server) source static monitoring monitoring destination static server server service snmp-server snmp
translate_hits = 0, untranslate_hits = 0
Source - Origin: 10.0.0.1/32, Translated: 10.0.0.1/32
Destination - Origin: 10.150.1.1/32, Translated: 10.150.1.1/32
Service - Origin: udp destination eq 2161 , Translated: udp destination eq snmp

No traffic at all is passing to the server when the rule is applied.
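Added example, not posted by any participant in this thread: in an ASA twice NAT rule that rewrites the destination port, the two service objects are given as mapped port first (the port the client sends to) and real port second (the port the server listens on). The rule in the thread has them the other way round, which is what the "Service - Origin: udp destination eq 2161" line in the output reflects. Object and interface names are the thread's own; the source port 1025 in the packet-tracer line is a constructed value.

```cisco
! Rule as posted in the thread (remove it first):
! it matches packets sent to UDP/2161 and rewrites them to UDP/161.
!   nat (monitor-lan,server-lan) source static monitoring monitoring
!       destination static server server service snmp-server snmp

! Destination-port order for twice NAT: service <mapped_obj> <real_obj>
!   mapped = port the monitoring host sends to  (udp/161,  object "snmp")
!   real   = port the server listens on         (udp/2161, object "snmp-server")
nat (monitor-lan,server-lan) source static monitoring monitoring destination static server server service snmp snmp-server

! Verify with a simulated SNMP request from the monitoring host,
! then check that translate_hits increases on the rule.
packet-tracer input monitor-lan udp 10.0.0.1 1025 10.150.1.1 161
show nat interface monitor-lan detail
```

With this order the show nat output should list the service origin as udp destination eq snmp and the translated service as udp destination eq 2161.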
