single server Nat failure - was working

jabberwok_e
Level 1

I am not getting through to a server, although other configured servers are working fine. I tried a packet tracer and when clicking on the "Show Nat rule" that is denying, I get:

ASDM is not able to select the entry for the following configuration -

nat (inside) 0 0.0.0.0 0.0.0.0

nat-control

match ip inside any outside any

no translation group, implicit deny

policy_hits = 2

I saw some other discussions concerning DMZ but did not want to use the suggested commands for fear of making the problem worse. Any advice would be appreciated!

Result of the command: "sh nat"

NAT policies on Interface inside:

  match ip inside host Tweak outside any

    static translation to MainComcastOutside

    translate_hits = 3, untranslate_hits = 91

  match ip inside host TowelieInside outside any

    static translation to TowelieOutside

    translate_hits = 117, untranslate_hits = 0

  match ip inside 128.0.0.0 255.255.0.0 inside any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 15, untranslate_hits = 0

  match ip inside 128.0.0.0 255.255.0.0 outside any

    dynamic translation to pool 1 (23.25.43.61 [Interface PAT])

    translate_hits = 8520, untranslate_hits = 1288

  match ip inside 128.0.0.0 255.255.0.0 _internal_loopback any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

  match ip inside any outside any

    no translation group, implicit deny

    policy_hits = 2

1 Reply

jocamare
Level 4

Can you share the nat configuration from the unit?

Also, can you specify how this server is going to be accessed and by whom?

This command:

nat (inside) 0 0.0.0.0 0.0.0.0

basically says that IP addresses on the packets coming from the inside will not be translated. Is that what you want to do?
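
An added example, not part of either post above: a small Python parser for the "sh nat" output pasted in the question. It lists the entries that matched traffic but show "No matching global" or "implicit deny". The function names are hypothetical, and the sample text is the output from the question with blank lines removed.

```python
import re

# "sh nat" output as posted in the question above, blank lines removed.
SH_NAT = """\
NAT policies on Interface inside:
  match ip inside host Tweak outside any
    static translation to MainComcastOutside
    translate_hits = 3, untranslate_hits = 91
  match ip inside host TowelieInside outside any
    static translation to TowelieOutside
    translate_hits = 117, untranslate_hits = 0
  match ip inside 128.0.0.0 255.255.0.0 inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 15, untranslate_hits = 0
  match ip inside 128.0.0.0 255.255.0.0 outside any
    dynamic translation to pool 1 (23.25.43.61 [Interface PAT])
    translate_hits = 8520, untranslate_hits = 1288
  match ip inside 128.0.0.0 255.255.0.0 _internal_loopback any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip inside any outside any
    no translation group, implicit deny
    policy_hits = 2
"""

def parse_sh_nat(text):
    """Group each 'match ip' line with its action line and hit counters."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("match ip "):
            rules.append({"match": line[9:], "action": "", "hits": {}})
        elif rules and " = " in line:  # counter line, e.g. "policy_hits = 2"
            rules[-1]["hits"].update(
                (k, int(v)) for k, v in re.findall(r"(\w+) = (\d+)", line))
        elif rules and line:           # the translation (or deny) line
            rules[-1]["action"] = line
    return rules

def flag_untranslated(rules):
    """Rules that matched traffic but offer no usable translation."""
    dead = ("implicit deny", "No matching global")
    hits = lambda r: r["hits"].get("policy_hits", 0) + r["hits"].get("translate_hits", 0)
    return [(r["match"], hits(r)) for r in rules
            if hits(r) and any(d in r["action"] for d in dead)]

if __name__ == "__main__":
    for match, count in flag_untranslated(parse_sh_nat(SH_NAT)):
        print(f"{count:>5} hits, no translation: {match}")
```

On the posted output this reports two entries: the inside-to-inside rule (15 hits) and the catch-all "inside any outside any" rule (2 hits) that packet tracer pointed at.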
