Solved: Re: Multiple static nat problem.

mnetworksas · ‎09-12-2007

Hi all.

I have a problem whit a Cisco ASA 5505

My problem is nating from the outside in.

About my setup:

I have a 28 bit subnet from my ISP.

- One for the GW

- One for the ASA

- One for the ISP Switch

The rest is free for me to use.

The Problem:

When a try to nat in other IP's then the ASA IP I only get the first to work.

I have attached my config.

This won't work:

static (inside,outside) 91.189.xxx.166 192.168.2.11 netmask 255.255.255.255

This works:

static (inside,outside) 91.189.xxx.167 192.168.2.6 netmask 255.255.255.255

Can any one help me please :-)

Thanks,

Stig Bollund

mattiaseriksson · ‎09-12-2007

Hi Stig,

Have you tried different outside IP's?

Enter 'clear xlate' after you change any NAT statements.

The logfile should give you information why a translation fails so check there as well.

But I can't see any problem in the configuration.

Regards,

/Mattias

View solution in original post

mattiaseriksson · ‎09-12-2007

Hi Stig,

Have you tried different outside IP's?

Enter 'clear xlate' after you change any NAT statements.

The logfile should give you information why a translation fails so check there as well.

But I can't see any problem in the configuration.

Regards,

/Mattias

mnetworksas · ‎09-12-2007

Hummmm.....

If I use another IP, then it works.

That I dont like..

One the IP that dosen't work:

It nat's okay, and I used the clear xlate around 100 times :-)

Thanks..

mattiaseriksson · ‎09-12-2007

Perhaps that IP is being used already. Remove the NAT statement, ping that IP from the ASA and then check with 'show arp' if it still has an arp entry for it.

Check the logfile for error messages.

The last part about 'It nat's okay' I did not quite understand. What NAT's ok?

rajko.bogdanovic · ‎09-12-2007

Just one question

Have you tried it combined with access lists?

mnetworksas · ‎09-12-2007

Hi all.

Thanks for replying.

The problem was the ARP table on my ISP's Router.

The problem is fixed.