06-03-2013 12:34 PM - edited 03-11-2019 06:52 PM
Hello World,
I'm receiving an error when trying to access a web server behind from one subinterface to another subinterface on an ASA access the public IP. I'm getting the following:
Global Static NAT
Deny IP spoof from (61.X.X.X) to 201.X.X.X on interface Outside
Traffic dies at the firewall stating that the traffic is spoofed from the Global address (61.) to the static (201.) address. Both bound to the outside interface.
When I create a static NAT on the firewall there is no problem; however when I'm patting against the firewall to the public IP I get the denies.
Can anyone offer any insight?
06-03-2013 12:38 PM
Hi,
Could you elaborate a bit on what the actual setup on the firewall is and perhaps provide the NAT configurations?
- Jouni
06-03-2013 02:24 PM
Have you enabled traffic for two or more hosts on the same interface? Since you are using one physical interface I think this needs to be enabled.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
06-04-2013 05:24 AM
Journi,
No real elegant NAT configuration on the firewall. Just a dynamic NAT on the subinterfaces. Version 8.2.5. The subinterface has the following NAT config:
nat (Customer11) 1 0.0.0.0 0.0.0.0
nat-control
global (Outside) 1 interface
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide