cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1754
Views
0
Helpful
3
Replies

Deny IP spoof from (global) to (Static NAT) on outside interface help!

jtadamofod81
Level 1
Level 1

Hello World,

I'm receiving an error when trying to access a web server behind from one subinterface to another subinterface on an ASA access the public IP.  I'm getting the following:

                               Global       Static NAT

Deny IP spoof from (61.X.X.X) to 201.X.X.X on interface Outside     

Traffic dies at the firewall stating that the traffic is spoofed from the Global address (61.) to the static (201.) address.  Both bound to the outside interface.

When I create a static NAT on the firewall there is no problem; however when I'm patting against the firewall to the public IP I get the denies. 

Can anyone offer any insight?    

3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Could you elaborate a bit on what the actual setup on the firewall is and perhaps provide the NAT configurations?

- Jouni

Have you enabled traffic for two or more hosts on the same interface?  Since you are using one physical interface I think this needs to be enabled.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

jtadamofod81
Level 1
Level 1

Journi,

No real elegant NAT configuration on the firewall.  Just a dynamic NAT on the subinterfaces.   Version 8.2.5. The subinterface has the following NAT config:

nat (Customer11) 1 0.0.0.0 0.0.0.0

nat-control
global (Outside) 1 interface

Review Cisco Networking for a $25 gift card