
Forwarding the public IP pool

Hello everyone.

I have a situation like this:

I have a pool of public addresses: x.x.98.126/30

The whole pool is used for different services and servers.

x.x.98.126 - I used for regular users.

The problem is that port forwarding configured for the given IP address (x.x.98.126) is not working.

E.g. on x.x.98.133 everything works, all forwards.

I also have VPN-anyconnect on x.x.98.126 - it also does not work.

But if I visit myip.com, it shows me that I have x.x.98.126.

Strange what's going on.

Who can help fix this and suggest what happened?

1 ACCEPTED SOLUTION

Accepted Solutions

Hello,

Basically, what you need to do is create the 'pat-pool' object that your NAT statements are referring to:

nat (INSIDELINK,outside) source dynamic X.X.0.0 pat-pool interface
nat (INSIDELINK,outside) source dynamic inside_network pat-pool interface
nat (INSIDELINK,outside) source dynamic X.X.100.0 pat-pool interface
nat (INSIDELINK,outside) source dynamic X.X.101.0 pat-pool interface
nat (INSIDELINK,outside) source dynamic X.X.102.0 pat-pool interface

This object is not in your configuration, add it:

object network pat-pool
range x.x.98.127 x.x.98.132
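
The check described in this answer, as an added example that is not part of the original post and not Cisco tooling: a Python script that lists names used in `nat ... source dynamic` statements of a saved `sh run` output that have no matching `object network` definition. It follows the thread's reading that `pat-pool` is the name of the mapped object; the sample configuration, its object names and its addresses are constructed.

```python
import re

# Constructed sample modelled on the statements quoted in the thread
# (documentation addresses; this is not the poster's configuration).
SAMPLE_CONFIG = """\
object network inside_network
 subnet 192.0.2.0 255.255.255.0
object network web_server
 host 192.0.2.10
nat (INSIDELINK,outside) source dynamic inside_network pat-pool interface
nat (INSIDELINK,outside) source dynamic web_server interface
"""

# The same configuration with the missing object added, as the answer suggests.
FIXED_CONFIG = SAMPLE_CONFIG + (
    "object network pat-pool\n"
    " range 198.51.100.127 198.51.100.132\n"
)

DEFINITION = re.compile(r"^object(?:-group)? network (\S+)")
# Captures the real source and the mapped source of a dynamic NAT statement.
NAT_DYNAMIC = re.compile(r"^nat \(\S+?,\S+?\) .*?source dynamic (\S+) (\S+)")
BUILTIN = {"any", "interface"}  # keywords that need no object definition


def undefined_nat_objects(config: str) -> list[tuple[int, str]]:
    """Return (line number, name) for every NAT reference with no definition."""
    lines = config.splitlines()
    # Collect definitions first so their position in the file does not matter.
    defined = {m.group(1) for line in lines if (m := DEFINITION.match(line))}
    findings = []
    for number, line in enumerate(lines, start=1):
        match = NAT_DYNAMIC.match(line)
        if not match:
            continue
        for name in match.groups():
            if name not in BUILTIN and name not in defined:
                findings.append((number, name))
    return findings


if __name__ == "__main__":
    for number, name in undefined_nat_objects(SAMPLE_CONFIG):
        print(f"line {number}: NAT statement refers to undefined object '{name}'")
```
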


13 REPLIES
Georg Pauwen
VIP Expert

Hello,

 

--> I have a pool of public addresses. x.x.98.126/30

If that is your address pool, only addresses x.x.98.127 and x.x.98.128 would be available. Can you clarify?

balaji.bandi
VIP Master

If you are using this IP (x.x.98.126) for NAT going to the outside network for your LAN, then we may need to understand the configuration before we suggest something here, so please do post the full configuration to understand.

The rest of the IP addresses are working because there is no issue with that IP since it is not used.

BB

Hi balaji.bandi

I have posted some screenshots. If this is not enough, you can tell me what kind of information to provide. I'll post it all.

[Attached screenshots: Screenshot_1.jpg, Screenshot_2.jpg, Screenshot_3.jpg, Screenshot_4.jpg]

Hello,

 

Since you are using FMC, I assume you are trying to configure either an ASA or a Firepower device? Either of those has a CLI and the 'sh run' command; post the output of that...

Dear Georg Pauwen.

 

The sh run is in the attachment. Sorry, but I hid the IP addresses.

Hello,

 

I cannot find the network object 'pat-pool' anywhere in your configuration. You are referring to that object in several NAT statements; make sure it is actually defined.

[Attached screenshots: pat2.jpg, pat1.jpg, pat4.jpg, pqt3.jpg]

Thank you for your prompt reply.

 

Forgive me, I'm not a high-level specialist. You probably already guessed it.

Do I need to do this?

Hello


@Bahodir Mirzakamalov wrote:

Forgive me, I'm not a high-level specialist. You probably already guessed it.

Do I need to do this?


I would be careful then, as this looks like it is a production FW, and as such, if you don't know what you are doing, you could cause an outage. Document any changes you make so you can at least back out if need be. If something you apply doesn't work, don't leave it and try to add another avenue; remove that last change and then proceed.

Make sure you have a change window for any changes so at least you're covered if the worst happens.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

Hello,

 

All of the (dynamic, since there are no static) NAT translations that go out the 'outside' interface, as well as the VPN, are referring to a non-existent network object named 'pat-pool'. That means nothing that uses your x.x.98.126 address will work. You need to create the network object and put whatever you need in there.

ERROR

[Attached screenshot: ERROR1.jpg]

paul driver
VIP Mentor

Hello


@Bahodir Mirzakamalov wrote:

Hello everyone.

I have a situation like this:

I have a pool of public addresses: x.x.98.126/30

The whole pool is used for different services and servers.

x.x.98.126 - I used for regular users.

The problem is that port forwarding configured for the given IP address (x.x.98.126) is not working.

E.g. on x.x.98.133 everything works, all forwards.

I also have VPN-anyconnect on x.x.98.126 - it also does not work.

But if I visit myip.com, it shows me that I have x.x.98.126.

 


Doesn't make sense, those two highlighted addresses are in different subnetworks?
What single IP address are you using? I assume it's x.x.98.126/30 for all egress traffic, even specific port address translation?



kind regards
Paul


Thanks to all. It was a weekend and there was no access to the equipment. Today I will continue to understand, taking into account all the recommendations above.

I just do not understand what exactly I need to do. Can anyone advise what exactly I should try to do?
