cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

158
Views
10
Helpful
2
Replies
Beginner

Asymetric NAT Problem ASA

Hey Dear Community,

 

i have a little Problem with NAT. Yes i did use the Forum Search and google but i couldnt figure out my Problem so i hope u can help me to understand what iam doing wrong and what is my problem.

So 

We Got an Customer with the Source IP of 77.94.224.1  he wants to Connect to a VM Located in our Company network 10.219.5.11
But iam alway getting "Asymetric NAT rule" error.

 

To mention is, that the Server 10.219.5.11 is able to Connect to the Internet with the NAT IP 62.157.*.*

 


LOG.png

 

NAT Problem.pngNAT Rule.pngNOT COnf.png


I Hope somebody can help me .

 

Thanks

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Mentor

Re: Asymetric NAT Problem ASA

Hello,

 

most likely there is an overlapping NAT translation somewhere. Post the config if the ASA...

View solution in original post

VIP Advisor

Re: Asymetric NAT Problem ASA

Hello
Sounds like you dont have a manual nat statement for an outside host to access that specific servers internal ip , Just having dynamic nat (inside/outside) translation shouldnt work.

object network Srv-Public
host 1.1.1.1 <server public ip

object network Internal-Srv
host 10.1.1.1
nat (inside,outside) static Srv-Public service tcp www www

access-list 100 extended permit tcp any object Internal-Srv eq www
access-group 100 in interface outside



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

2 REPLIES 2
VIP Mentor

Re: Asymetric NAT Problem ASA

Hello,

 

most likely there is an overlapping NAT translation somewhere. Post the config if the ASA...

View solution in original post

VIP Advisor

Re: Asymetric NAT Problem ASA

Hello
Sounds like you dont have a manual nat statement for an outside host to access that specific servers internal ip , Just having dynamic nat (inside/outside) translation shouldnt work.

object network Srv-Public
host 1.1.1.1 <server public ip

object network Internal-Srv
host 10.1.1.1
nat (inside,outside) static Srv-Public service tcp www www

access-list 100 extended permit tcp any object Internal-Srv eq www
access-group 100 in interface outside



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here