09-07-2012 09:34 AM - edited 03-11-2019 04:51 PM
Just started working with the post 8.3 CLI.
Traffic from outside to inside is translated correctly, but inside to outside is using the outside Interface IP instead of the mapped IP, 50.50.50.50.
I know I'm missing something small here.
This is the config that was built using ASDM.
Outside IP: 50.50.50.50
Inside IP: 10.10.10.10
object network TEST
 host 50.50.50.50
 description One-To-One NAT 50.50.50.50/10.10.10.10
!
object network TEST-priv
 host 10.10.10.10
 description One-To-One NAT 50.50.50.50/10.10.10.10
!
object network TEST-priv
 nat (inside,outside) static TEST
!
nat (inside,outside) source dynamic IN2OUT interface description PAT Overload Using Interface Public IP
!
object network IN2OUT
 subnet 0.0.0.0 0.0.0.0
 description Inside To Outside NAT
!
Note: ASDM created object TEST-priv twice. One on top and one below the NAT configs.
09-07-2012 09:38 AM
Hello Robert,
The problem here is the nat order.
Twice NAT rules are reviewed first, so in order to make this work, do the following on the CLI.
no nat (inside,outside) source dynamic IN2OUT interface description PAT Overload Using Interface Public IP
nat (inside,outside) after-auto source dynamic IN2OUT interface description PAT Overload Using Interface Public IP
Remember to rate all of the answers, for the community that is more important than a thank
Regards,
Julio
09-07-2012 09:49 AM
Looks like it is working, thanks!
So, best practice is to create the global NAT entry at the very end?
Do I still need to do this after creating additional mappings, or is this a one-time deal?
09-07-2012 10:02 AM
Hello Robert,
The best practice is to place the general rules at the bottom, the specific ones at the top.
Order of NAT rules 8.3:
1. Twice NAT
2. Auto NAT
3. After-Auto NAT
Regards,
Remember to rate all the helpful posts
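Added example (not part of the original thread and not Cisco code): a small Python audit that sorts the thread's NAT rules into the three sections listed above and reports which rule an inside host hits first, before and after moving the PAT rule to after-auto. The names `parse` and `first_match` are hypothetical, the sample config is constructed from the one posted above with descriptions dropped, and the ASA's own ordering inside section 2 is not modelled.

```python
import ipaddress

# Constructed sample: the config from the thread, before the fix.
CONFIG = """\
object network TEST
 host 50.50.50.50
object network TEST-priv
 host 10.10.10.10
object network TEST-priv
 nat (inside,outside) static TEST
nat (inside,outside) source dynamic IN2OUT interface
object network IN2OUT
 subnet 0.0.0.0 0.0.0.0
"""
# The fix from the thread: re-enter the PAT rule with after-auto.
FIXED = CONFIG.replace("source dynamic", "after-auto source dynamic")

def parse(config):
    """Return (objects, rules); each rule is (section, real_object, mapped)."""
    objects, rules, current = {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[:2] == ["object", "network"]:
            current = words[2]
        elif raw[0].isspace() and words[0] == "host":
            objects[current] = ipaddress.ip_network(words[1] + "/32")
        elif raw[0].isspace() and words[0] == "subnet":
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif raw[0].isspace() and words[0] == "nat":
            # Auto (object) NAT: section 2, real address is the enclosing object.
            rules.append((2, current, words[-1]))
        elif words[0] == "nat":
            # Manual (twice) NAT: section 1, or section 3 with after-auto.
            section = 3 if "after-auto" in words else 1
            i = words.index("source")
            rules.append((section, words[i + 2], words[i + 3]))
    return objects, rules

def first_match(config, src_ip):
    """First rule whose real object contains src_ip, in section order."""
    objects, rules = parse(config)
    src = ipaddress.ip_address(src_ip)
    # sorted() is stable, so config order is kept inside each section.
    for section, real, mapped in sorted(rules, key=lambda r: r[0]):
        if src in objects[real]:
            return section, real, mapped
    return None
```

Run against an exported config, a section 1 match on a host that also has an object static NAT flags the same shadowing seen in this thread.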