
NAT not NAT

hsnanua2011
Level 1

Dear all,

This is a very simple question, but I am at my wits' end with this.

I am trying to perform NAT. I have a spare IP address, which is 211.23.2.249. The real router IP address is 211.23.2.250.

Anyway, this is an ASA.

What has been done is:

1. access-list IPADDRESSES extended permit ip 10.103.0.0 255.255.0.0 host 213.23.23.21

2. global (outside) 10 211.23.2.249

3. nat (inside) 10 access-list IPADDRESSES

This should transform all 10.103.0.0/16 to 211.23.2.249, right?

But it's not happening. I tried pinging 211.23.2.249 but it timed out.

Help me..

Thanks

3 Replies

hsnanua2011
Level 1

Hi, an addition.

This is what I get:

vpn# sh nat

match ip inside IPADDRESSES 255.255.255.0 inside host 214.43.34.2

   dynamic translation to pool 10 (No matching global)

The IP address 211.23.2.249 is an unused IP. I also can't ping it from any hosts.

Help

It will only NAT if the destination IP is 213.23.23.21, as this is what you have specified in your access list IPADDRESSES.

Is that what you want? Or do you want them to be NATed for all destinations? In that case, change the destination from host x to any any in your address list and make sure you don't have overlapping nat statements.

Sent from Cisco Technical Support iPhone App
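
The posted policy NAT next to the all-destinations variant suggested in the reply above, with commands to check which one is in effect. This is an added example, not part of the original thread; it uses the pre-8.3 ASA NAT syntax from the question, and the ACL name NAT_ALL_DEST and the inside host 10.103.0.10 are assumptions.

```cisco
! Added example. Pre-8.3 ASA NAT syntax, as used in the question.
! NAT_ALL_DEST and 10.103.0.10 are constructed names/values.

! --- Variant A: as posted (policy NAT) ---
! Source 10.103.0.0/16 is translated to 211.23.2.249 ONLY when the
! destination is host 213.23.23.21. Traffic to any other destination
! does not match this rule.
access-list IPADDRESSES extended permit ip 10.103.0.0 255.255.0.0 host 213.23.23.21
global (outside) 10 211.23.2.249
nat (inside) 10 access-list IPADDRESSES

! --- Variant B: translate for every destination ---
! Use instead of variant A, not alongside it, so the two nat
! statements do not overlap.
access-list NAT_ALL_DEST extended permit ip 10.103.0.0 255.255.0.0 any
global (outside) 10 211.23.2.249
nat (inside) 10 access-list NAT_ALL_DEST

! --- Verification (privileged EXEC) ---
! Confirm which nat/global statements are actually configured.
show running-config nat
show running-config global

! Simulate a packet from an inside host to the policy NAT destination.
! The NAT phase of the output shows whether a rule matched and what
! the source address is translated to.
packet-tracer input inside icmp 10.103.0.10 8 0 213.23.23.21 detailed

! After real traffic has passed, list the active translations.
show xlate
```

With variant A, running the same packet-tracer against a destination other than 213.23.23.21 shows the policy NAT rule not being applied, which is the behaviour the reply describes.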

Hello,

True. But this would be a more confusing situation. Initially, we were trying to make a VPN tunnel with an external host, but even phase 1 failed. We thought that the NAT-ing could be the issue.

Is there any way to eliminate this worry? To test whether the NAT is working fine, besides relying on the power of command line accuracy?

Thanks!