Trying to Map inside host to Public IP - gets two Public IPs?

stownsend
Level 2

I'd like to map an Internal IP to an External IP. I have the following code:

object network myserver_o
 host 192.168.1.40
object network myserver_i
 host 10.1.0.40
object network myserver_i
 nat (hbg-inside,hbg-outside-192) static myserver_o

When I look at the xlate table I see the following:

ASA# sh xlate local 10.1.0.40
106 in use, 208 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from hbg-inside:10.1.0.40 to hbg-outside-192:192.168.1.40
    flags s idle 3:17:00 timeout 0:00:00
NAT from hbg-inside:10.1.0.40 to hbg-outside-192:192.168.1.178
    flags i idle 0:18:49 timeout 3:00:00

Where is the 192.168.1.178 Address coming from?

Thanks.

2 Replies

Luis Silva Benavides
Cisco Employee

Hi,

Thanks for posting. What does the rest of your NAT configuration state?

What happens if you run a clear xlate? Does it still appear in the xlate table?

If you do a show local-host 192:192.168.1.178 what do you see on the console?

Luis

Luis Silva

Another thing to note, the 192.168.1.x Subnet is not really 192.168.1.x, it's our Public Address Space.

The only odd thing that I know of in our configuration is that we have two Class C Public Subnets that are on the ASA. Since you can only have one route out, by default devices get an address from the 192.168.1.x NAT Pool when they communicate out. If I want to define a static NAT Mapping for a Server on the 2nd Class C Subnet, it will have both an Inbound 172.16.1.x Static Address and an outbound 192.168.1.x Dynamic NAT address.

For instance this is our DNS Server:

jack# sh xlate local 10.1.0.14
62 in use, 208 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from hbg-inside:10.1.0.14 to hbg-outside-172:172.16.1.14
    flags s idle 0:00:16 timeout 0:00:00
NAT from hbg-inside:10.1.0.14 to hbg-outside-192:192.168.1.70
    flags i idle 2:36:05 timeout 3:00:00

Here is the 'show run nat'

nat (hbg-inside,hbg-outside-192) source static LOCAL_NETWORK LOCAL_NETWORK destination static REMOTE_NETWORK REMOTE_NETWORK descrips
nat (hbg-inside,hbg-outside-192) source static NETWORK-SF NETWORK-SF destination static NETWORK-OLIVET NETWORK-OLIVET
nat (hbg-inside,hbg-outside-172) source dynamic any 172.16.1-NAT-POOL interface
nat (hbg-inside,hbg-outside-192) source dynamic any 192.168.1-NAT-POOL interface
nat (hbg-inside,hbg-outside-192) source static NETWORK-HBG NETWORK-HBG destination static NETWORK-MEINZ NETWORK-MEINZ
nat (hbg-inside,hbg-outside-204) source static LOCAL_NETWORK LOCAL_NETWORK destination static REMOTE_NETWORK REMOTE_NETWORK
!
object network vsvr-itsystems2_i
 nat (hbg-inside,hbg-outside-172) static vsvr-itsystems2_o
object network vsvr-internet_i
 nat (hbg-inside,hbg-outside-172) static vsvr-internet_o
object network hbgipoffice_i
 nat (hbg-inside,hbg-outside-192) static hbgipoffice_o
object network sfipoffice_i
 nat (hbg-inside,hbg-outside-192) static sfipoffice_o

Here is the "show local-host 192.168.1.178"

jack# show local-host 192.168.1.178
Interface management: 0 active, 0 maximum active, 0 denied
Interface hbg-inside: 60 active, 207 maximum active, 0 denied
Interface hbg-outside-192: 288 active, 9904 maximum active, 0 denied
Interface hbg-outside-204: 344 active, 1790 maximum active, 0 denied

Thanks!
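
Added example, not part of the original thread and not Cisco tooling: a Python sketch that parses `show xlate` text in both layouts seen above (flags on the mapping line or on the line after it) and lists inside hosts that hold a static and a dynamic translation at once, which matters when allow-lists or log correlation assume one public address per server. The sample text is constructed from the thread's output; the function names are hypothetical and IPv4 addresses are assumed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's "show xlate" output; it mixes
# both layouts (flags on a continuation line, flags on the mapping line).
SAMPLE = """\
62 in use, 208 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from hbg-inside:10.1.0.14 to hbg-outside-172:172.16.1.14
    flags s idle 0:00:16 timeout 0:00:00
NAT from hbg-inside:10.1.0.14 to hbg-outside-192:192.168.1.70 flags i idle 2:36:05 timeout 3:00:00
NAT from hbg-inside:10.1.0.40 to hbg-outside-192:192.168.1.40
    flags s idle 3:17:00 timeout 0:00:00
"""

# Assumes IPv4: interface name and address are split at the first colon.
NAT_RE = re.compile(r"^NAT from (\S+?):(\S+) to (\S+?):(\S+)(.*)$")
FLAGS_RE = re.compile(r"\bflags\s+(\S+)")  # lower case, so the legend line is skipped

def parse_xlate(text):
    """Return one dict per translation: real/mapped interface, address, flags."""
    entries, current = [], None
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            current = {"real_if": m[1], "real": m[2],
                       "mapped_if": m[3], "mapped": m[4], "flags": ""}
            entries.append(current)
            rest = m[5]
        elif current is not None and not current["flags"]:
            rest = line  # continuation line that carries the flags
        else:
            continue
        found = FLAGS_RE.search(rest)
        if found:
            current["flags"] = found[1]
    return entries

def hosts_with_static_and_dynamic(entries):
    """Map each real address that has both an 's' and an 'i' xlate to its mappings."""
    by_host = defaultdict(lambda: {"static": [], "dynamic": []})
    for e in entries:
        target = f'{e["mapped_if"]}:{e["mapped"]}'
        if "s" in e["flags"]:
            by_host[e["real"]]["static"].append(target)
        if "i" in e["flags"]:
            by_host[e["real"]]["dynamic"].append(target)
    return {h: m for h, m in by_host.items() if m["static"] and m["dynamic"]}
```

Calling `hosts_with_static_and_dynamic(parse_xlate(SAMPLE))` reports only 10.1.0.14, since 10.1.0.40 has just a static entry in the constructed sample.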
