cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
502
Views
10
Helpful
2
Replies

Asymetric NAT Problem ASA

Gustav Klein
Level 1
Level 1

Hey Dear Community,

 

i have a little Problem with NAT. Yes i did use the Forum Search and google but i couldnt figure out my Problem so i hope u can help me to understand what iam doing wrong and what is my problem.

So 

We Got an Customer with the Source IP of 77.94.224.1  he wants to Connect to a VM Located in our Company network 10.219.5.11
But iam alway getting "Asymetric NAT rule" error.

 

To mention is, that the Server 10.219.5.11 is able to Connect to the Internet with the NAT IP 62.157.*.*

 


LOG.png

 

NAT Problem.pngNAT Rule.pngNOT COnf.png


I Hope somebody can help me .

 

Thanks

2 Accepted Solutions

Accepted Solutions

Hello,

 

most likely there is an overlapping NAT translation somewhere. Post the config if the ASA...

View solution in original post

Hello
Sounds like you dont have a manual nat statement for an outside host to access that specific servers internal ip , Just having dynamic nat (inside/outside) translation shouldnt work.

object network Srv-Public
host 1.1.1.1 <server public ip

object network Internal-Srv
host 10.1.1.1
nat (inside,outside) static Srv-Public service tcp www www

access-list 100 extended permit tcp any object Internal-Srv eq www
access-group 100 in interface outside


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

2 Replies 2

Hello,

 

most likely there is an overlapping NAT translation somewhere. Post the config if the ASA...

Hello
Sounds like you dont have a manual nat statement for an outside host to access that specific servers internal ip , Just having dynamic nat (inside/outside) translation shouldnt work.

object network Srv-Public
host 1.1.1.1 <server public ip

object network Internal-Srv
host 10.1.1.1
nat (inside,outside) static Srv-Public service tcp www www

access-list 100 extended permit tcp any object Internal-Srv eq www
access-group 100 in interface outside


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco