Hello there,
Only one interface is not being translated to the outside: (G1/2 - ESXi)------PAT---->(G1/1 - Dflt-Gw)
The other inside interfaces, HOME LAB and DNS, can get to the internet with no problem.
The ASA and hosts on other interfaces (pre-NAT) can be reached from the ESXi VMs.
A packet tracer test on the ASA comes back with a successful message, but as we can see, no hits are being translated.
No ACLs are configured on this device, only security levels and NAT/PAT to the outside.
Let me know if you'd like more info,
Thanks in advance for any comments on this,
5506-X# show nat
Auto NAT Policies (Section 2)
1 (DNS) to (outside) source dynamic DNS interface
translate_hits = 4702, untranslate_hits = 637
2 (ESXi-1) to (outside) source dynamic ESXi-1-OBJ interface
translate_hits = 0, untranslate_hits = 0
3 (HOME-LAN) to (outside) source dynamic HOME-LAN-OBJ interface
translate_hits = 7757, untranslate_hits = 188
5506-X# show run nat
!
object network HOME-LAN-OBJ
nat (HOME-LAN,outside) dynamic interface
object network ESXi-1-OBJ
nat (ESXi-1,outside) dynamic interface
object network DNS
nat (DNS,outside) dynamic interface
5506-X# show run object
object network HOME-LAN-OBJ
subnet 192.168.5.128 255.255.255.240
object network ESXi-1-OBJ
subnet 192.168.5.176 255.255.255.249
object network DNS
host 192.168.5.190
5506-X# show run interface
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 192.168.5.186 255.255.255.252
!
interface GigabitEthernet1/2
nameif ESXi-1
security-level 100
ip address 192.168.5.177 255.255.255.248
!
interface GigabitEthernet1/3
nameif DNS
security-level 100
ip address 192.168.5.189 255.255.255.252
!
interface GigabitEthernet1/5
nameif HOME-LAN
security-level 100
ip address 192.168.5.129 255.255.255.240
!
5506-X# show run route
route outside 0.0.0.0 0.0.0.0 192.168.5.185 1
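A consistency check that can be run over a configuration like the one posted above. This is an added example, not part of the original post. It compares each auto-NAT object's subnet with the subnet of the real interface named in its nat statement. The function names and the object-to-interface mapping passed to audit() are assumptions made for this sketch; the addresses and masks are copied from the post.

```python
import ipaddress

# Lines copied from the "show run object" / "show run interface" output above.
CONFIG = """\
object network HOME-LAN-OBJ
subnet 192.168.5.128 255.255.255.240
object network ESXi-1-OBJ
subnet 192.168.5.176 255.255.255.249
interface GigabitEthernet1/2
nameif ESXi-1
ip address 192.168.5.177 255.255.255.248
interface GigabitEthernet1/5
nameif HOME-LAN
ip address 192.168.5.129 255.255.255.240
"""

def is_contiguous(mask):
    """True if the dotted mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def parse(config):
    """Return ({object: (net, mask)}, {nameif: (ip, mask)})."""
    objects, interfaces, obj, nameif = {}, {}, None, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"]:
            obj = tok[2]
        elif tok[:1] == ["subnet"] and obj:
            objects[obj] = (tok[1], tok[2])
        elif tok[:1] == ["nameif"]:
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and nameif:
            interfaces[nameif] = (tok[2], tok[3])
    return objects, interfaces

def audit(config, nat_pairs):
    """nat_pairs maps object name -> real interface, as in 'show run nat'."""
    objects, interfaces = parse(config)
    findings = []
    for obj, nameif in nat_pairs.items():
        (net, mask), (ip, if_mask) = objects[obj], interfaces[nameif]
        if not is_contiguous(mask):
            findings.append((obj, f"non-contiguous mask {mask}"))
        elif (ipaddress.ip_network(f"{net}/{mask}")
              != ipaddress.ip_interface(f"{ip}/{if_mask}").network):
            findings.append((obj, f"does not match {nameif} subnet"))
    return findings

FINDINGS = audit(CONFIG, {"HOME-LAN-OBJ": "HOME-LAN", "ESXi-1-OBJ": "ESXi-1"})
```

On the posted values, the check flags only ESXi-1-OBJ: its mask 255.255.255.249 is not a contiguous netmask, while the ESXi-1 interface itself uses 255.255.255.248.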