Posted by jrmann1999@gmail.com on March 12, 2007, 9:29 pm
I followed Cisco's instructions to the T, yet can't get simple Dynamic PAT working on my new ASA 5510, here's the relevant sections of config:

interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.222 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address A.B.C.D 255.255.255.128
global (outside) 2 interface
nat (inside) 2 access-list FlowA
access-list FlowA extended permit ip 192.168.200.0 255.255.255.192 any
route outside 0.0.0.0 0.0.0.0 A.B.C.E 1
route inside 192.168.1.0 255.255.255.0 192.168.1.14 1

All internal traffic from 200.x to 1.x works great, but when 200.x tries to get to the internet it gets timeouts.

Show xlate shows 0 translations happening, where have I gone wrong? 200.x are addresses given out by inbound VPN connections from roadwarrior clients.
Posted by Martin Bilgrav on March 13, 2007, 8:00 am
should read:

no route inside 192.168.1.0 255.255.255.0 192.168.1.14 1
route inside 192.168.200.0 255.255.255.0 192.168.1.14 1

OR am I wrong ?
Posted by on March 13, 2007, 9:05 am
wrote:
> I followed Cisco's instructions to the T, yet can't get simple Dynamic
> PAT working on my new ASA 5510, here's the relevant sections of
> config:
>
> interface Ethernet0/0
> nameif inside
> security-level 100
> ip address 192.168.1.222 255.255.255.0
> interface Ethernet0/1
> nameif outside
> security-level 0
> ip address A.B.C.D 255.255.255.128
> global (outside) 2 interface
> nat (inside) 2 access-list FlowA
> access-list FlowA extended permit ip 192.168.200.0 255.255.255.192 any
> route outside 0.0.0.0 0.0.0.0 A.B.C.E 1
> route inside 192.168.1.0 255.255.255.0 192.168.1.14 1
>
> All internal traffic from 200.x to 1.x works great, but when 200.x
> tries to get to the internet it gets timeouts
>
> Show xlate shows 0 translations happening, where have I gone wrong?
> 200.x are addresses given out by inbound VPN connections from
> roadwarrior clients

I am assuming that you have a router/layer 3 switch on the inside network routing between the 192.168.200.x network and the 192.168.1.x network? If there are no NAT translations appearing on the ASA it looks as if the traffic isn't hitting the ASA, so do you have a default route configured on your internal router pointing at the ASA?

Also you have no route inside statement on the ASA for the 192.168.200.0 255.255.255.192 network, so traffic originating from this network will not be able to route back. Is the existing route inside statement a mistake? It is not required, as the 192.168.1.0 255.255.255.0 network is your directly connected inside network, so you don't need a route for that!

Other than that, the PAT config looks OK.

Cheers,
Mark
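An offline check for the two routing problems raised in the replies above: a static route that duplicates the directly connected inside network, and no inside route covering the network matched by the NAT access-list. This is an added example, not code from any poster; the `audit` and `net` names and the 203.0.113.x addresses standing in for the redacted A.B.C.D and A.B.C.E are assumptions, and it parses only the statement forms that appear in the posted config.

```python
import ipaddress
# Constructed sample: the config posted in the thread, with documentation
# addresses (203.0.113.x) standing in for the redacted A.B.C.D and A.B.C.E.
SAMPLE = """\
interface Ethernet0/0
 nameif inside
 ip address 192.168.1.222 255.255.255.0
interface Ethernet0/1
 nameif outside
 ip address 203.0.113.10 255.255.255.128
global (outside) 2 interface
nat (inside) 2 access-list FlowA
access-list FlowA extended permit ip 192.168.200.0 255.255.255.192 any
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 192.168.1.0 255.255.255.0 192.168.1.14 1
"""

def net(addr, mask, strict=True):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=strict)

def audit(config):
    connected, routes, nat_acls, acl_src, name = {}, [], [], {}, None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "interface":
            name = None                      # new interface block
        elif w[0] == "nameif":
            name = w[1]
        elif w[:2] == ["ip", "address"] and name:
            connected[name] = net(w[2], w[3], strict=False)
        elif w[0] == "route":                # route <if> <dest> <mask> <gw>
            routes.append((w[1], net(w[2], w[3])))
        elif w[0] == "nat" and w[3:4] == ["access-list"]:
            nat_acls.append((w[1].strip("()"), w[4]))
        elif w[0] == "access-list" and w[2:5] == ["extended", "permit", "ip"]:
            acl_src.setdefault(w[1], []).append(net(w[5], w[6]))
    findings = []
    for ifc, dest in routes:
        if connected.get(ifc) == dest:       # static route to a connected net
            findings.append(f"redundant: route {ifc} {dest} is directly connected")
    for ifc, acl in nat_acls:
        reach = [connected[ifc]] if ifc in connected else []
        reach += [d for i, d in routes if i == ifc]
        for src in acl_src.get(acl, []):     # each NAT source needs a return path
            if not any(src.subnet_of(r) for r in reach):
                findings.append(f"missing: no route {ifc} covers NAT source {src}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
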

NAT issues