cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
765
Views
10
Helpful
9
Replies

CISCO ASA NATTING

Hi could any one please help to resolve the NATTING Issue.

 

Am not verygood with natting .

 

"No translation group found for udp src inside:10.32.65.237/62754 dst app_mgt1:12.100.64.5/161"

1 Accepted Solution

Accepted Solutions

Hi,

Okay got it.. You just need a NAT Exempt for the return traffic:-

access-list MPLS permit ip host 10.100.64.5 host 10.2.65.237

See if this resolves it

Thanks and Regards,

Vibhor Amrodia

View solution in original post

9 Replies 9

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

This would mean that you don't have a NAT statement configured on the ASA device for Src:- 10.32.65.237 when trying to go to Dest:- 12.100.64.5.

You can troubleshoot this easily with Packet Tracer Utility:-

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

NOTE:- Using Detail at end , you would see if you hit any NAT statements or not.

Also , share your current NAT configuration.

Thanks and Regards,

Vibhor Amrodia

thanks

while doing the packet tracer am getting drop in natting.

 


Phase: 8
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 0 0.0.0.0 0.0.0.0
nat-control
  match ip inside any app_mgt1 any
    no translation group, implicit deny
    policy_hits = 144
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0xabdd6c60, priority=0, domain=nat-reverse, deny=false
        hits=1, user_data=0xabdd69f0, cs_id=0x0, flags=0x0, protocol=0
        src ip=0.0.0.0, mask=0.0.0.0, port=0
        dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

 

Hi,

Can you post the output of show route , show ip and complete packet trace command which you executed ?

Also , is this traffic being routed over a VPN ?

Thanks and Regards,

Vibhor Amrodia

thanks

Hi,

Okay got it.. You just need a NAT Exempt for the return traffic:-

access-list MPLS permit ip host 10.100.64.5 host 10.2.65.237

See if this resolves it

Thanks and Regards,

Vibhor Amrodia

hi seems everything is good in packet tracer but i try to telnet the port 161 from source . no luck connection refused error am getting.

thanks

thank you very much dude its working fine....... thanks a lot

Review Cisco Networking for a $25 gift card