NAT problem

rouzbehta · ‎02-07-2011

Hello everyone,

I have attahched an ASA configuration, along with 2 routers attached to this asa , one called inside and other outside.

I have configured 2 sub interfaces on the inside router with 10.10.15.3 and 10.10.10.3, with default route 0.0.0.0 0.0.0.0 10.10.15.1 to send traffic to asa

I am going to pat the 10.10.15.0 subnet on port address translation and dynamic nat 10.10.10.0 subnet on the address pool of 66.128.95.146 255.255.255.248

I can't get these both together up and running , I can ping address 66.128.95.145 but not 66.128.95.241, I am really disappointed, everythig looks ok , but just doesn't work.

Can someone please look at this and let me know what is my problem?

Best Regard,

-Rouzbeh

PAUL GILBERT ARIAS · ‎02-07-2011

your configuration looks fine. Can you tell me if you can do the following test:

Ping from the ASA the IP that is not working for you (66.128.95.241)?

If that doesn't work then the issue is not your ASA.

NAT is configured fine, ACLs are allowing the traffic. The next hops are directly connected.

You should check the logs on the ASA and if possible test with a packet tracer.

rouzbehta · ‎02-07-2011

Hello,

I can not ping 66.128.95.241, but I can ping 66.128.95.145 with the default route of 0.0.0.0 0.0.0.0 10.10.10.1

Then when I change default route to 0.0.0.0 0.0.0.0 10.10.15.1 I can ping 66.128.95.241, and can't ping 66.128.95.145, isn't is odd?

Best Regards,

-Rouzbeh

PAUL GILBERT ARIAS · ‎02-07-2011

ok, now I see what is going on. since you have a default route configured the router will send the traffic to that IP when it doesn't know where the destination IP is located. You will need static routes for each destination.

try the following

ip route 0.0.0.0 0.0.0.0 10.10.15.1

ip route 66.128.95.146 255.255.255.248 10.10.10.1

or you could also try on the inside router

ip route 0.0.0.0 0.0.0.0 10.10.15.1

ip route 0.0.0.0 0.0.0.0 10.10.10.1

This is just a routing problem. Please let me know if that works.

rouzbehta · ‎02-07-2011

Man this is working!!

You are awesome, I don't know how to expose my happiness and appreciation.

Thank you very much!

-Rouzbeh

PAUL GILBERT ARIAS · ‎02-07-2011

I am glad to hear that it worked for you.

If possible please mark the question as resolved.

Have a good day.

rouzbehta · ‎02-07-2011

I forgot to tell, I checked with packet tracer, and tried to ping 66.128.95.145 from subnet 10.10.10.2 it works

but from either from 10.10.15.2 to 66.128.95.145 doeasn't, I am screwed.

Best Regards,

-Rouzbeh

PAUL GILBERT ARIAS · ‎02-07-2011

how are you testing the traffic? Using a ping?

If so, are you using the following sintax:

ping 66.128.95.241 source FastEthernet1.2

and

ping 66.128.95.145 source FastEthernet0.1