ASDM in Dynamic NAT rule shows 0.0.0.0

Status
Not open for further replies.

burtsbees

Programmer
Jan 29, 2007
7,657
US
I have a customer who is looking in the "Edit Dynamic NAT rule" pop-up in ASDM on a PIX525, and as the "real address" for inside, it shows 0.0.0.0 0.0.0.0, and the translation is outside. I am being told it is an IOS bug, but I am not buying that... here are the interface and NAT commands...

Cisco PIX Security Appliance Software Version 7.2(2)

interface Ethernet1
nameif inside
security-level 100
ip address 10.200.2.1 255.0.0.0

nat-control
global (dmz) 1 interface
global (outside) 101 XXX.XXX.X3.1-XXX.XXX.X3.254 netmask 255.255.254.0
global (outside) 101 interface
nat (inside) 1 10.0.0.0 255.0.0.0
nat (inside) 101 0.0.0.0 0.0.0.0

I do have the sh tech output if needed, and a .png I could put up on ftp. Please advise (SuperGroverrr or Garnetbobcat...or anyone for that matter!). Thanks.

Burt
 
I don't mess with the ASDM much, but I believe it is the graphical representation of this line

nat (inside) 101 0.0.0.0 0.0.0.0

I checked one of mine that has a specific network in there and that network comes up in that box.

Real Address - 172.16.1.0 255.255.255.128 translated to outside

It is just going to translate any network address that hits it from the inside (so you can have several subnets there and the ASA won't care). If you limit it like I did

nat (inside) 1 172.16.1.0 255.255.255.128

then only the 172.16.1.0/25 network will get out even if there are other networks behind that interface.

Long story short - don't worry, the CLI told it to do that.



Brent
Systems Engineer / Consultant
CCNP, CCSP
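
As an added illustration (not part of either post and not Cisco code), the Python sketch below parses `nat` and `global` lines like those quoted in the thread, pairs each `nat` line with the `global` lines that share its NAT ID, and flags a real address of 0.0.0.0 0.0.0.0 as match-any. The function and field names are hypothetical, and it does not model which rule the PIX selects when several overlap.

```python
import ipaddress
import re

# Lines copied from the thread (the pool addresses are masked on the page).
PIX_CONFIG = """\
nat-control
global (dmz) 1 interface
global (outside) 101 XXX.XXX.X3.1-XXX.XXX.X3.254 netmask 255.255.254.0
global (outside) 101 interface
nat (inside) 1 10.0.0.0 255.0.0.0
nat (inside) 101 0.0.0.0 0.0.0.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")


def dynamic_nat_rules(config):
    """Return one dict per 'nat' line, paired with 'global' lines by NAT ID."""
    globals_by_id, nats = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := GLOBAL_RE.match(line):
            globals_by_id.setdefault(m.group(2), set()).add(m.group(1))
        elif m := NAT_RE.match(line):
            nats.append(m.groups())
    rules = []
    for iface, nat_id, addr, mask in nats:
        # A mask of 0.0.0.0 yields prefix length 0, i.e. every IPv4 source.
        real = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append({
            "interface": iface,
            "nat_id": nat_id,
            "real": real,
            "match_any": real.prefixlen == 0,
            "translated_to": sorted(globals_by_id.get(nat_id, ())),
        })
    return rules


def covers(rule, source_ip):
    """True if source_ip falls inside the rule's real-address range."""
    return ipaddress.ip_address(source_ip) in rule["real"]


if __name__ == "__main__":
    for r in dynamic_nat_rules(PIX_CONFIG):
        note = "  <-- matches any source" if r["match_any"] else ""
        print(f"nat ({r['interface']}) {r['nat_id']}: real {r['real']} -> {r['translated_to']}{note}")
```
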
 