Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
5
Helpful
3
Replies

Packet tracer says NAT pool exhausted

dodgerfan78
Level 1
Level 1

‎01-30-2023 08:10 PM

I have a virtual ASA and NAT is not working. Here is the config. Why does it say exhausted? ASAv is running 9.16. I have a live config on a customer network running 9.5 and it works fine.

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.101.4.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.1.4.1 255.255.255.0
!  

object network LAN-1
subnet 192.168.11.0 255.255.255.0
object network LAN-2
subnet 192.168.12.0 255.255.255.0
object-group network NAT-POOL-1
network-object host 10.101.3.51
network-object host 10.101.3.52
network-object host 10.101.3.53
network-object host 10.101.3.54
object-group network NAT-POOL-2
network-object host 10.101.3.61
network-object host 10.101.3.62
network-object host 10.101.3.63
network-object host 10.101.3.64

object network LAN-1
nat (inside,outside) dynamic pat-pool NAT-POOL-1
object network LAN-2
nat (inside,outside) dynamic pat-pool NAT-POOL-2
router ospf 1
network 10.1.4.0 255.255.255.0 area 0.0.0.0
network 10.101.4.0 255.255.255.0 area 0.0.0.0
area 0.0.0.0
log-adj-changes
redistribute static subnets
!
route Null0 10.101.3.0 255.255.255.0 1
route Null0 10.101.3.0 255.255.255.128 1
route Null0 10.101.3.128 255.255.255.128 1

Packet tracer shows this:

asa1# packet-tracer input inside tcp 192.168.11.5 5000 100.9.9.1 22

Phase: 1
Type: INPUT-ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
Found next-hop 10.101.4.10 using egress ifc outside

Phase: 2
Type: NAT
Subtype:
Result: ALLOW
Config:
object network LAN-1
nat (inside,outside) dynamic pat-pool NAT-POOL-1
Additional Information:

Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (nat-xlate-pool-exhausted) NAT failed due to pool exhaustion, Drop-loca
tion: frame 0x000055f38aaa4718 flow (NA)/NA

 

 

3 Replies 3

MHM Cisco World
VIP
VIP

‎01-31-2023 09:08 AM

ciscoasa# show run all xlate <<- please share this 

0 Helpful

Aref Alsouqi
VIP
VIP

‎01-31-2023 10:33 AM

Please try to create two new network objects including the pools ranges and edit the NAT rules as this example and see if it works:

object network Pool-1
 range 10.101.3.51 10.101.3.54

object network Pool-2
 range 10.101.3.61 10.101.3.64

object network LAN-1
 nat (inside,outside) dynamic pat-pool Pool-1
object network LAN-2
 nat (inside,outside) dynamic pat-pool Pool-2

0 Helpful

Marius Gunnerud
VIP
VIP

‎02-01-2023 12:50 AM

issue the command show nat pool and see if any of the entries here are maxed out at 65535.

could you also post the output of show route 192.168.11.5  and show route 100.9.9.1

Also, try clearing the xlate table and test again. clear xlate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card