Cisco ASA NAT issue

Tejas Kunte
Level 1

I have an ASA set up as follows:

         10.11.34.1 (Mgmt)----ASA----(Production) 10.11.35.1

Both interfaces are at security level 100.

I have set up a NAT policy so that if 10.11.34.15 wants to talk to 10.11.35.239 or 10.11.35.240, the source IP is NATed to 172.21.34.15.

This is the NAT statement I have:

nat (Mgmt,Production) source static ECW17MGMT001 RP_NAT destination static RP RP

The setup is not working.

If I do a packet trace from 10.11.34.15 to 10.11.35.239, it completes.

If I reverse it from 35.239 to 34.15, it fails (says Action-DROP) in the NAT section.

I have verified that no ACLs applied to the interfaces are blocking any traffic.

2 Replies

Is it only packet-tracer that gives an error? And what is your exact command for packet-tracer? You have to use the translated address (172.21.34.15) as the destination in packet-tracer.
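
The point made in the reply above, as an added example that is not part of the thread and is not ASA code: a simplified Python model of the single static twice-NAT rule from the question and the reverse-path check applied to return-direction packets. It assumes the objects ECW17MGMT001, RP_NAT and RP hold 10.11.34.15, 172.21.34.15 and 10.11.35.239/10.11.35.240, as the addresses in the question suggest, and it ignores ACLs and routing.

```python
# Simplified model of one static twice-NAT rule and its reverse-path check.
# Not ASA code. Object contents are assumed from the addresses in the question.
from dataclasses import dataclass

@dataclass(frozen=True)
class TwiceNat:
    real_src: str      # assumed content of ECW17MGMT001
    mapped_src: str    # assumed content of RP_NAT
    dests: frozenset   # assumed content of RP ("destination static RP RP" = identity)

RULE = TwiceNat("10.11.34.15", "172.21.34.15",
                frozenset({"10.11.35.239", "10.11.35.240"}))

def mgmt_to_production(rule, src, dst):
    """Forward direction: rewrite the source when the rule matches."""
    if src == rule.real_src and dst in rule.dests:
        return rule.mapped_src, dst
    return src, dst

def production_to_mgmt(rule, src, dst):
    """Reverse direction. Returns (verdict, src, dst) as seen on the Mgmt side."""
    if src in rule.dests and dst == rule.mapped_src:
        return "ALLOW", src, rule.real_src   # un-translated to the real host
    # Reverse-path check: the reply to this packet must leave with the same
    # address the packet was sent to, otherwise the flow is asymmetric.
    reply_src, _ = mgmt_to_production(rule, dst, src)
    if reply_src != dst:
        return "DROP", src, dst
    return "ALLOW", src, dst

if __name__ == "__main__":
    print(mgmt_to_production(RULE, "10.11.34.15", "10.11.35.239"))
    print(production_to_mgmt(RULE, "10.11.35.239", "10.11.34.15"))    # real IP
    print(production_to_mgmt(RULE, "10.11.35.239", "172.21.34.15"))   # mapped IP
```
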

piyush.dhupia
Level 1

Hi,

If your ASA image is the latest (after 9.1), then you must use the original IP, not the NATted IP.

You can use PAT and allow the complete network, and define the ACL under the access list.

Hope it works.

Regards,

Piyush