1. Home
  2. Cisco Systems
  3. NAT issues

NAT issues

I followed Cisco's instructions to the T, yet can't get simple Dynamic PAT working on my new ASA 5510, here's the relevant sections of config:

interface Ethernet0/0 nameif inside security-level 100 ip address 192.168.1.222 255.255.255.0 interface Ethernet0/1 nameif outside security-level 0 ip address A.B.C.D 255.255.255.128 global (outside) 2 interface nat (inside) 2 access-list FlowA access-list FlowA extended permit ip 192.168.200.0 255.255.255.192 any route outside 0.0.0.0 0.0.0.0 A.B.C.E 1 route inside 192.168.1.0 255.255.255.0 192.168.1.14 1

All internal traffic from 200.x to 1.x works great, but when 200.x tries to get to the internet it gets timeouts

Show xlate shows 0 translations happening, where have I gone wrong?

200.x are addresses given out by inbound VPN connections from roadwarrier clients.
Reply to
jrmann1999
Loading thread data ...

route inside 192.168.1.0 255.255.255.0 192.168.1.14 1 should read: no route inside 192.168.1.0 255.255.255.0 192.168.1.14 1 route inside 192.168.200.0 255.255.255.0 192.168.1.14 1

OR am I wrong ?

skrev i en meddelelse news: snipped-for-privacy@p10g2000cwp.googlegroups.com...

Reply to
Martin Bilgrav

I am assuming that you have a router/layer 3 switch on the inside network routing between the 192.168.200.x network and the 192.168.1.x network? If there are no NAT translations appearing on the ASA it looks as if the traffic isn't hitting the ASA so do you have a default route configured on your internal router pointing at the ASA?

Also you have no route inside statement on the ASA for the

192.168.200.0 255.255.255.192 network so traffic originating from this network will not be able to route back.

The existing route inside statement a mistake? It is not required as the 192.168.1.0 255.255.255.0 network is your directly connected inside network so you don't need a route for that!

Other than that, the PAT config looks OK.

Cheers,

Mark

Reply to
mark.kelly

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.