PAT pool problems. On 6.4.x. Found known issue for 6.3. How can I do this?
2130 HA pair running 220.127.116.11.
I am setting up outgoing NAT/PAT. There are several internal interfaces with their own private subnets. My intent is to IP masquerade all outgoing connections from internal private subnet A to a pool of public IPs on my external interface using a PAT pool without round robin.
I configured the first internal subnet to do Auto dynamic NAT with the interface object defined for source and destination and set the Translated Object to be "Address" and put in the IP address of the external interface. By setting it to "Address" versus "Destination interface IP" it enabled the checkbox to enable a PAT pool.
However, when I go to save the config it errors out with this text:
"Translated Source or Original Destination network IP address cannot overlap with Interface Ip address
IP address overlap configurations observed for following interface configurations :
Interface Object [outside] having interfaces [outside] of device FTDv1
Specify Interface Object or specify an alternate IP address for Network Translation"
This is puzzling, since of course the Translated address needs to be defined on a firewall interface, right?
I found this KB article referencing 6.3.0 which seems to indicate it is a bug, but it still doesn't work in 18.104.22.168.
I think I may have figured this out. Here is what I did:
On the Translation tab, I set the Translated Packet to "Address" but then just left it blank. Then I went to the PAT Pool tab and set PAT to Address and selected an Object with a range of sequential public IPs.