Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1881
Views
0
Helpful
10
Replies

One to One NAT Issue

ahsan1
Level 1
Level 1

‎09-19-2021 11:24 PM

i All,

can anyone face similar issue that after reboot the firepower 2110, static NAT (one to one) from one interface is not working but from another interface it is working.

Labels:
0 Helpful
10 Replies 10

Georg Pauwen
VIP
VIP

‎09-20-2021 12:00 AM

Hello,

 

I checked for bugs, nothing there. Are these interfaces in the same or in different interface groups ?

0 Helpful

ahsan1
Level 1
Level 1

‎09-20-2021 12:06 AM

Thanks for the response.

Physical interfaces are from 2 different ISP's. Can you please more elaborate? 

0 Helpful

Georg Pauwen
VIP
VIP
In response to ahsan1

‎09-20-2021 12:26 AM

Hello,

 

what I mean is that interfaces can belong to different interface groups (same security group obviously).

 

After the reboot, when you send traffic over the one-to-one NAT entry, does anything show up in:

 

show xlate

show asp table classify domain nat

show asp table classify domain nat-reverse

 

?

0 Helpful

ahsan1
Level 1
Level 1
In response to Georg Pauwen

‎09-20-2021 12:48 AM

No entry showing from that public nat public IP, which has been checked from your shared commands.

0 Helpful

paul driver
VIP
VIP

‎09-20-2021 12:40 AM

Hello

@ahsan1 wrote:

, static NAT (one to one) from one interface is not working but from another interface it is working.

Can you elaborate,
Can you ping from the hidden address (natted) to the outside network?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ahsan1
Level 1
Level 1
In response to paul driver

‎09-20-2021 12:43 AM

No i am unable to ping from outside to the natted public ip.

0 Helpful

paul driver
VIP
VIP
In response to ahsan1

‎09-20-2021 02:00 AM

So internally from that natted host you have no connection externally, Have you checked to see if  the ASA has lost its nat configuration after the reload?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ahsan1
Level 1
Level 1
In response to paul driver

‎09-20-2021 02:21 AM

No it has not removed because configuration was saved.

0 Helpful

Georg Pauwen
VIP
VIP
In response to ahsan1

‎09-20-2021 02:43 AM

Hello,

 

post the full running config of the 2110...

0 Helpful

paul driver
VIP
VIP
In response to ahsan1

‎09-20-2021 07:36 AM - edited ‎09-20-2021 07:37 AM

Hello

 

@ahsan1 wrote:

No it has not removed because configuration was saved.

Well if it was working before a reload and it isn’t now, something has changed and if your positive no cfg has been lost, Have you DIIF examined the pre-/post  running config and make sure all objects groups, access-lists and NAT statements have parity?

What about physical issue are all ports in a up/up state that was before reload?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card