cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
886
Views
0
Helpful
4
Replies

Cisco asa5540 8.2 no PAT

Dear all,

I'm newbie with the asa family.

I have a cisco ASA 5540 and i cant make a simple PAT (many private IP to one public IP). Below you can find my conf.

interface GigabitEthernet0/0.310

vlan 310

nameif dmz-vl310

security-level 50

ip address 192.168.250.1 255.255.255.224

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address x.x.x.157 255.255.255.224

nat (dmz-vl310) 1 192.168.250.0 255.255.255.224

global (outside) 1 x.x.x.131

and the results by typing the command below are:

packet-tracer input dmz-vl310 icmp 192.168.250.5 0 8 173.194.34.17

Phase: 6

Type: NAT

Subtype:

Result: DROP

Config:

nat (dmz-vl310) 1 192.168.250.0 255.255.255.224

  match ip dmz-vl310 192.168.250.0 255.255.255.224 outside any

    dynamic translation to pool 1 (x.x.x.131)

    translate_hits = 1, untranslate_hits = 0

Additional Information:

Result:

input-interface: dmz-vl310

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

but on my firewall rule all is open. Can someone to help me, what kind of error i make?

Thanks!

1 Accepted Solution

Accepted Solutions

Hello Christos,

That is great, please post the answer and mark the question as answered so future users can learn from you

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

4 Replies 4

Dear all,

Problem was resolved.

thanks

Hello Christos,

That is great, please post the answer and mark the question as answered so future users can learn from you

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello Julio,

Actualy there is not problem! packet-tracer show a problem with the access-list but i connected a pc behind the lan and all is working correctly.

thank you and sorry for the inconvenience,

Chris

Hello Christos,

Great, thank you for that information

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card