
Static NAT doesn't work.

Yong Peng
Level 1

Greeting.

The static NAT configuration doesn't work on ASA Version 8.6(1)2.

Can anybody help me to take a look please?

    object network n5k-1
     host 10.232.11.190
    object network n5k-2
     host 10.232.11.189
    object service telnet
     service tcp source eq telnet
    object service telnet-1
     service tcp source eq 1025
    object service telnet-2
     service tcp source eq 1026
    nat (inside,outside) source static n5k-1 interface service telnet telnet-1
    nat (inside,outside) source static n5k-2 interface service telnet telnet-2

    access-list outside extended permit ip any any
    access-group outside in interface outside

I can't telnet "outside IP":1025, or 1026.

1 Accepted Solution


Hi Peng,

You are using static NAT and applying it with the interface IP address, which is incorrect, as other users are also using the interface IP address for outside communication. Try to use a specific public IP address for static NAT instead of the interface IP address.

Let me know the result

Thanks

Saurabh


5 Replies

blau grana
Level 7

Hello Peng,

I tried your configuration on ASA 8.4(2) in GNS and it worked. Try checking the other devices in the path to see whether the communication is filtered somewhere else.

Best Regards

Please rate all helpful posts and close solved questions



I did a second try:

    object network n5k-1
     host 10.232.11.190
    object network n5k-2
     host 10.232.11.189
    object network n5k-1
     nat (inside,outside) static interface service tcp telnet 8000

    CNSHFW132-20# sh run nat
    nat (inside,outside) source static pat pat destination static vpn vpn
    nat (inside,outside) source dynamic pat interface
    !
    object network n5k-1
     nat (inside,outside) static interface service tcp telnet 8000
    CNSHFW132-20#
    CNSHFW132-20# sh xlate
    TCP PAT from inside:10.232.11.190 23-23 to outside:112.64.156.xx 8000-8000
        flags sr idle 0:06:19 timeout 0:00:00

It doesn't work.

If I change "interface" to a specific public IP, it works.

I think it must be a bug...
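
An added example, not part of the original thread and not Cisco code: a small Python check that the `sh xlate` entry in the post above is the translation the object-NAT rule should create (static `s` plus portmap `r` flags, real port 23 mapped to 8000). The function names are hypothetical, the port-keyword table is a small subset, and the mapped address is not compared because `interface` resolves to whatever IP the outside interface holds.

```python
import re

# Subset of the port keywords the ASA accepts in place of numbers.
NAMED_PORTS = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}

RULE_RE = re.compile(
    r"nat \((\S+?),(\S+?)\) static (\S+) service (tcp|udp) (\S+) (\S+)")
XLATE_RE = re.compile(
    r"(TCP|UDP) PAT from ([^:\s]+):(\S+) (\d+)-\d+ "
    r"to ([^:\s]+):(\S+) (\d+)-\d+\s+flags (\w+)")

# Sample input: the rule, object host and xlate entry quoted in the post above.
NAT_RULE = "nat (inside,outside) static interface service tcp telnet 8000"
REAL_HOST = "10.232.11.190"  # host of object n5k-1
XLATE = ("TCP PAT from inside:10.232.11.190 23-23 to outside:112.64.156.xx 8000-8000\n"
         "    flags sr idle 0:06:19 timeout 0:00:00\n")

def to_port(token):
    """Accept either a port keyword or a number."""
    return NAMED_PORTS.get(token) or int(token)

def parse_rule(line, real_host):
    """Turn an object-NAT static PAT line into the translation it should create."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError("not a static PAT rule: " + line)
    real_if, mapped_if, _mapped_addr, proto, real_port, mapped_port = m.groups()
    return {"proto": proto.upper(), "real_if": real_if, "real_ip": real_host,
            "real_port": to_port(real_port), "mapped_if": mapped_if,
            "mapped_port": to_port(mapped_port)}

def parse_xlate(text):
    """Extract every PAT entry from 'show xlate' output."""
    return [{"proto": m[1], "real_if": m[2], "real_ip": m[3], "real_port": int(m[4]),
             "mapped_if": m[5], "mapped_ip": m[6], "mapped_port": int(m[7]),
             "flags": m[8]} for m in XLATE_RE.finditer(text)]

def rule_installed(rule, xlates):
    """True if a static (s) portmap (r) xlate carries exactly the rule's mapping."""
    return any(set("sr") <= set(x["flags"]) and
               all(x[k] == v for k, v in rule.items()) for x in xlates)

if __name__ == "__main__":
    print(rule_installed(parse_rule(NAT_RULE, REAL_HOST), parse_xlate(XLATE)))
```

A match only shows that the ASA installed the translation as configured; it says nothing about whether traffic to the mapped port is accepted on the way in.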

Yong Peng
Level 1

I really hate the versions higher than 8.2(5).

It is totally different from the earlier versions.

Thanks for your help.

I will check other stuff and get back to you.

Hi,

To help a bit with the new 8.3+ NAT format, you could look at these 2 documents at least:

A NAT 8.3+ Document I made recently

https://supportforums.cisco.com/docs/DOC-31116

A good NAT 8.2 vs 8.3+ Document

https://supportforums.cisco.com/docs/DOC-9129

- Jouni
