Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
190
Views
0
Helpful
1
Replies

Static PAT/ACL failing - Vr 9.6

Chris Bloy
Level 1
Level 1

‎11-28-2016 02:28 AM - edited ‎03-12-2019 01:35 AM

Hi All,

I think i am loosing my mind on this one, as again i have found a configuration that works in a version before thats not working on 9.6. I have a static PAT to open port 10022 to an internal host. :-

interface GigabitEthernet1/2

 nameif DXBLV-GW01-LL-RADIANT4

 security-level 100

 ip address 192.168.254.1 255.255.255.0 

 

object network Radiant4

 host 192.168.254.2

 nat (DXBLV-GW01-LL-RADIANT4,outside) static interface service tcp 10022 10022 

....

nat (DXBLV-GW01-LL-RADIANT4,outside) after-auto source dynamic any interface

access-list OUTSIDE_IN extended permit tcp any host 192.168.254.2 eq 10022

I have simplified the configuration above, but when testing, its pushing the traffic back out the external interface:-

packet-tracer input outside tcp 8.8.8.8 2345 <public ip> 10022

Phase: 1

Type: ROUTE-LOOKUP

Subtype: Resolve Egress Interface

Result: ALLOW

Config:

Additional Information:

found next-hop xxx.xxx.xxx.xxx using egress ifc  identity

Phase: 2

Type: NAT

Subtype: per-session

Result: ALLOW

Config:

Additional Information:

Phase: 3

Type: ACCESS-LIST

Subtype: 

Result: DROP

Config:

Implicit Rule

Additional Information:

Result:

output-interface: NP Identity Ifc

output-status: up

output-line-status: up

Action: drop

Have i missed something here??

Thanks,

Chris

 

Labels:
0 Helpful
1 Reply 1

Chris Bloy
Level 1
Level 1

‎11-28-2016 10:28 PM

Fixed.. Simply NAT ordering issue!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card