FWSM nat problem

dominic.caron · ‎11-06-2008

Hi,

I've got problem with user behind a multi-context/transparent FWSM. The FW is doing PAT in the NAT pool. Did anyone ever experience this issue.

firewall transparent

global (outside) 1 X.Y.177.50-X.Y.177.253 netmask 255.255.255.0

global (outside) 1 X.Y.177.254

nat (inside) 1 10.10.240.0 255.255.252.0 dns norandomseq

sh xlate

17 in use, 37 most used

Global X.Y.177.51 Local 10.10.240.36

Global X.Y.177.54 Local 10.10.240.59

Global X.Y.177.58 Local 10.10.240.5

Global X.Y.177.60 Local 10.10.240.200

Global X.Y.177.61 Local 10.10.240.32

Global X.Y.177.63 Local 10.10.240.31

Global X.Y.177.65 Local 10.10.240.104

Global X.Y.177.52 Local 10.10.240.37

Global X.Y.177.86 Local 10.10.241.135

Global X.Y.177.51 Local 10.10.243.10

Global X.Y.177.51 Local 10.10.240.49

Global X.Y.177.52 Local 10.10.241.103

Global X.Y.177.50 Local 10.10.241.249

Global X.Y.177.52 Local 10.10.240.33

Global X.Y.177.52 Local 10.10.241.246

Global X.Y.177.52 Local 10.10.241.252

Global X.Y.177.52 Local 10.10.241.245

Global X.Y.177.52 Local 10.10.241.251

Global X.Y.177.52 Local 10.10.241.102

Global X.Y.177.52 Local 10.10.243.12

Global X.Y.177.52 Local 10.10.241.250

Global X.Y.177.52 Local 10.10.241.254

Global X.Y.177.52 Local 10.10.240.70

Global X.Y.177.53 Local 10.10.243.252

Global X.Y.177.54 Local 10.10.241.42

Global X.Y.177.50 Local 10.10.240.10

Global X.Y.177.56 Local 10.10.240.11

Global X.Y.177.57 Local 10.10.240.7

Global X.Y.177.68 Local 10.10.240.2

Global X.Y.177.70 Local 10.10.240.6

Global X.Y.177.71 Local 10.10.240.18

Global X.Y.177.74 Local 10.10.240.102

Global X.Y.177.59 Local 10.10.240.103

Global X.Y.177.69 Local 10.10.241.107

dhananjoy chowdhury · ‎11-07-2008

global (outside) 1 X.Y.177.50-X.Y.177.253 netmask 255.255.255.0

global (outside) 1 X.Y.177.254

It seems ok, because the first global statement has a public IP range, so till the range is exhasted it will do on-to-one nat and after that the 2nd global statemnt comes into action doing PAT.