Asa5525 nat

gurowar · January 19, 2024, 10:19pm

Good day all:

Not sure what I am doing wrong here but I have an ASA5525 and I am trying to set up NAT but for some reason it isn’t working. I created the objects

object network datadriven6.comedastaging.com
 host 220.10.197.84

object network PSREPORTS04
 host 10.3.14.58

I put in the NAT statement

object network PSREPORTS04
 nat (any,any) static datadriven6.comedastaging.com

But when I check for the translations I don’t see anything, what am I missing?

ColoASA# sh xlat | inc 10.3.14.58
ColoASA#
ColoASA#

Thank you in advance!!

Warrem

lagapidis · January 22, 2024, 10:44am

Hello Warren

First of all, you can take a look at this lesson to see an example of applying NAT to an ASA.

The configuration has some small differences to yours, but should result in the same thing.

Now looking at your configuration, it should work, assuming you are initiating traffic from the inside interface towards the outside interface. Otherwise you will have to create an access list just like in the above lesson to allow such traffic.

One more thing. You will only see translations in the xlat table if you have traffic matching that NAT rule. So you should initiate some pings to activate the rule and then check again for the translations in the table. Let us know how you get along.

I hope this has been helpful!

Laz

gurowar · January 22, 2024, 5:12pm

Thank you Laz, will keep you updated

gurowar · January 26, 2024, 2:53pm

Sorry guys for the repeat to my original post ASA5525 NAT, I was trying to update it with my findings but for some reason wasn’t able to. But at any rate here was the fix to my issue:

Problem solved so the reason why I wasn’t able to add the following object NAT

object network PSREPORTS04
 nat (any,any) static datadriven6.comedastaging.com

was due to this being on top

object network dmz
 nat (dmz,outside) dynamic interface

I had to remove my object NAT and change it to a manual NAT as follows:

nat (dmz,outside) source static prsreports04 datadriven6.omedastaging.com

once I did that I was able to see it in the configuration when I did a show run and when I check for the translations I was able to see it

ColoASA# sh xlate | inc 220.10.197.84
NAT from dmz:10.3.14.58 to outside:220.10.197.84

I need to review my NATs, thank you Laz for the NAT config lesson I will need to review in depth.

Appreciate your help!!!

Thank you, sir!!!

lagapidis · January 29, 2024, 5:37am

Hello Warren

I found your original post and moved your new post into the same thread. Thanks so much for following up on this, it’s of great help and it’s much appreciated!

Take a look at this NetworkLessons note on the topic for more information, it may be helpful to further clarify.

Laz