
tricky NAT issue on ASA 9.1

ronald.su
Level 1

Hi guys, I'm facing a tricky NAT issue here, it's quite strange....
Here is the story:
We have a subnet 192.168.2.0/24 and 2 public IPs on the ASA (9.1).
The whole subnet is dynamically NATed to the outside interface.

Now I want to add a static NAT from an internal IP to another public IP.

Below is the config:
-----------------------------------------------------------------------------------------------
object network inside192.168.2.0
  subnet 192.168.2.0 255.255.255.0
nat (inside,outside) source dynamic inside192.168.2.0 interface

object network smartproxy
  host 192.168.2.100
  nat (inside,outside) static my-public-IP

access-list outside_access_in extended permit tcp any object smartproxy range 800 899

----------------------------------------------------------------------------------------------

What I expect is:
All internal hosts except smartproxy (192.168.2.100) will use the interface public IP. (working fine)

smartproxy will use my-public-IP to access the internet (not working, it is still using the interface public IP)

External hosts can access smartproxy TCP ports 800-899 via my-public-IP (working fine)

Then I tried packet-tracer and found it was hit by the dynamic NAT rule:

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source dynamic inside192.168.2.0 interface
Additional Information:
Dynamic translate 192.168.2.100/1234 to xxxxx/80
 
So I tried to add the config below:

nat (inside,outside) source static smartproxy smartproxy destination static my-public-IP my-public-IP

But nothing changed, it still does not work.

I have done NAT many times on version 9.4 and it worked every time. This is really tricky, I have no idea why... can anyone help?

Thanks!!!!


BTW, I found some strange config, not sure whether it has an impact or not:
nat (inside,outside) source static inside192.168.2.0 inside192.168.2.0 destination static inside192.168.2.0 inside192.168.2.0
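
Added example, not part of the original post: a simplified Python model of ASA 8.3+ NAT rule ordering (manual NAT first, then object NAT, then manual NAT entered with after-auto), applied to the two rules posted above. It ignores interfaces, ports and destination matching; the rule names and the after-auto variant are assumptions made for illustration.

```python
import ipaddress

def rule(name, section, kind, src, mapped):
    """One NAT rule; section 1 = manual NAT, 2 = object NAT, 3 = manual after-auto."""
    return {"name": name, "section": section, "kind": kind,
            "src": ipaddress.ip_network(src), "mapped": mapped}

def sort_key(item):
    index, r = item
    if r["section"] == 2:
        # Object NAT is ordered by the ASA itself: static before dynamic,
        # then the most specific (longest prefix) real address first.
        return (2, 0 if r["kind"] == "static" else 1, -r["src"].prefixlen, index)
    # Manual NAT rules are evaluated in configuration order.
    return (r["section"], 0, 0, index)

def translate(rules, src_ip):
    """Return (rule name, mapped address) of the first rule matching src_ip."""
    src = ipaddress.ip_address(src_ip)
    for _, r in sorted(enumerate(rules), key=sort_key):
        if src in r["src"]:
            return r["name"], r["mapped"]
    return None, src_ip  # no rule matched: not translated

# Rules as posted: the subnet rule is manual NAT, the host rule is object NAT.
POSTED = [
    rule("manual dynamic inside192.168.2.0", 1, "dynamic", "192.168.2.0/24", "interface"),
    rule("object static smartproxy", 2, "static", "192.168.2.100/32", "my-public-IP"),
]
# Assumed variant: the same subnet rule entered with the after-auto keyword (section 3).
AFTER_AUTO = [
    rule("manual dynamic inside192.168.2.0 after-auto", 3, "dynamic", "192.168.2.0/24", "interface"),
    POSTED[1],
]

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("after-auto", AFTER_AUTO)):
        for host in ("192.168.2.100", "192.168.2.50"):
            print(label, host, "->", translate(rules, host))
```

In this model the posted rules send 192.168.2.100 through the manual dynamic rule, which matches the packet-tracer output; with the subnet rule in section 3 the host matches its static object rule first.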

Accepted Solutions