Solved: Re: Multi-global twice nat >8.3 - Page 2

jerome.bordeau · ‎06-18-2012

Hi all,

I try to convert a CISCO ASA 8.2 version to 8.4 BUT, I have a small or "little" problem :

On Cisco ASA 8.2.x, i have a possibility to create multi-line global with different subnet.

Example :

global (outside) 2 217.1.x.65-217.x.x.66 netmask 255.255.255.240

global (outside) 1 interface <-- Ip interface is other subnet : 217.3.x.3

global (outside) 2 217.1.x.67 netmask 255.255.255.240

nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz2) 2 192.168.4.0 255.255.255.0

What is the method or solution to translate multi-global in 8.4 ?

In same idea : with static translation in 8.4 : i try to use different server in inside's zone, but not in same network on outside. In 8.2 Firmware, it's very easy to use that, but in 8.3-8.4 version, i don't have some idea to manipulate ...

interface Vlan1

description Lien vers reseau Interne Client

nameif inside

security-level 100

ip address 192.168.0.1 255.255.255.0

interface Vlan2

nameif outside

security-level 0

ip address 192.168.99.16 255.255.255.0

object network rdp-test

host 192.168.0.3

nat (inside,outside) static 192.168.99.17

object network rdp-test1

host 192.168.0.4

nat (inside,inside) static 192.168.98.17

It's not a filter problem, it's probably a problem between nat and arp .... but where ???

Please, help me !!!

Have a nice day

JB

Jennifer Halim · ‎06-18-2012

There is a change in the behaviour on how ASA response to ARP, but it doesn't start until version 8.4.3, and you are running 8.4.2.

But here is the change for your reference:

https://supportforums.cisco.com/docs/DOC-24549

jerome.bordeau · ‎06-18-2012

Thank a lot for this informations.

It's very shame that this function running correctly on 8.2 version and now, in 8.3, 8.4, this fonction have need to add a route in gateway.

Have a nice day