Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PAT Help

Status
Not open for further replies.
zinkann

zinkann

ISP
Jan 8, 2008
167
US
I have a 5520 that is having issues. I have one Dynamic NAT for a few different inside networks to one public IP. Also, included in my block of public IP's i have a few static one to one NAT's. The problem is i recently added another ISP. I configured one of my ASA interfaces with the IP the new ISP gave me. I created a PAT for ONE of my inside networks to that one new public IP. So basically i have two ISP's connected to my ASA. One for my normal network and one for a special vlan. When i try to get out to the internet i can't. When i look at the logging on the ASA it is coming back "PORTMAP TRANSLATION CREATION FAILED" I have NAT CONTROL on. When i turn it off the portmap error goes away but i still can't get out. Please....any suggestions?

CCNA, Network+
 
Sort by date Sort by votes
I think the port map error is a red herring.

What are your routes reading?

You have 2 connections to 2 ISPs, how can you do a route for all zeros to both.

 
Upvote 0 Downvote
yeah, I've thought about that already. Can't be two default routes. I'll have to try something else.

CCNA, Network+
 
Upvote 0 Downvote
You said it was for a specific VLAN, do you have a target subnet on that vlan? If so, route to that.
 
Upvote 0 Downvote
yes, just one subnet that contains publicly accessed computers. i need them to go out the new t1 connection because that link is provided by the state and has content filtering. at the same time i need to manage those PC's to run anti virus updates and such. My server admin needs to be able to access them as needed. I set up a layer 2 vlan today, configured a PIX for the internet connection. The server admin set up a domain controller but we couldn't access our LAN from this new public LAN. I think it may have been an issue with the PIX not being able to route on its inside interface. This is turning into a nightmare.

CCNA, Network+
 
Upvote 0 Downvote
Does anyone know if an ASA can can route back out the inside interface, because i know a PIX can't. The way i have our ASA5520 i want to say it can, but i want to know for sure before i order one. thanks

CCNA, Network+
 
Upvote 0 Downvote
Can you do me a diagram?

Your PIX is capable of running the V8, buying new may be a waste.

If this is VPN, yes it can, normal traffic not sure but I have spare PIX/ASA so can give it a try.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
269
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
311
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
68
tklamb
tklamb
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
89
PauS0n
PauS0n
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
110
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top