Hi,
Please can anyone offer any advice on the below issue I am having?
Inbound traffic on a sub-interface is bypassing/ignoring the destination NAT rules. The NAT rules are set up to work with multiple interfaces, and they are working OK with directly connected interfaces, only failing against the sub-interface.
Example:
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
interface Ethernet0/1.61
 description Interface to Routers vlan61
 vlan 61
 nameif Rout-DMZ
 security-level 100
 ip address 172.30.45.30 255.255.255.240 standby 172.30.45.29
interface Ethernet0/2
 description Interface to monitoring vlan63
 nameif Mon_svrs
 security-level 50
 ip address 196.12.12.30 255.255.255.240 standby 196.12.12.29
interface Management0/0
 nameif ICONNECT
 security-level 10
 ip address 172.30.50.1 255.255.255.240 standby 172.30.50.2
object network NAT_00274_Real
 nat (ICONNECT,any) static NAT_00274_local
I tested inbound/outbound traffic, all working OK to and from eth0/2 (Mon_svrs) >< Man0/0 (ICONNECT). The NAT rule works OK. Tested the same again from eth0/1.61 and the NAT rule is ignored.
Deleted the static host NAT rule. Applied a new NAT rule against interface Rout-DMZ to ICONNECT and tested with the same result. Modified the new NAT rule and applied it to the "Mon_svrs" I/F. The NAT rule worked OK. I continued with lots of NAT variations. Results the same.
Applied ASA code fix update from 9.1(6)6 to 9.1(6)11 due to known object NAT issue and VPN security fix. Retested multiple NAT configurations, but still with same results.