Tuesday, April 9, 2019

Misunderstanding ASA NAT?

Hey guys,

Can anyone help me understand why this NAT is behaving like it is?

object network obj-net-172.16.102.0_24
 subnet 172.16.102.0 255.255.255.0
object network obj-host-172.16.0.18
 host 172.16.0.18
object network obj-host-10.68.2.120
 host 10.68.2.120
nat (any,outside) source static obj-net-172.16.102.0_24 obj-host-172.16.0.18 destination static obj-host-10.68.2.120 obj-host-10.68.2.120
nat (any,outside) source static RFC1918 RFC1918 destination static RFC1918 RFC1918 no-proxy-arp route-lookup

Whenever I packet-trace from, for example, 172.16.102.181 6556 to 1.1.1.1 443 the NAT hits my outside interface just like I want it to:

Additional Information: Dynamic translate 172.16.102.181/6556 to 172.16.0.16/6556 

However, packet-tracing from 172.16.102.181 6556 to 10.68.2.120 443 hits my RFC1918 NAT instead of my 172.16.0.18 NAT. I thought ASAs handled more specific NATs first and then broader ones. I'm assuming I'm mistaken somehow but I'm not sure how to go about changing this.

Thanks!
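An added example, not part of the post, that models how the ASA evaluates Section 1 (manual/twice) NAT: rules are checked top-down in the order they appear in `show nat`, and the first match wins with no preference for the more specific rule. It uses the two rules from the post; the rule names and the assumed contents of the `RFC1918` object (the three private ranges) are my own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of ASA Section 1 manual NAT matching. The ASA does not
# pick the "most specific" manual NAT rule; it walks the rules in configured
# order and stops at the first one whose source and destination both match.


def _in_any(addr: str, nets: List[str]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


@dataclass
class ManualNat:
    name: str             # invented label for this example
    real_src: List[str]   # real source networks (object contents)
    mapped_src: List[str] # mapped source networks
    real_dst: List[str]   # real destination networks

    def matches(self, src: str, dst: str) -> bool:
        return _in_any(src, self.real_src) and _in_any(dst, self.real_dst)


def first_match(rules: List[ManualNat], src: str, dst: str) -> Optional[str]:
    """Return the name of the first Section 1 rule that matches, or None if
    the packet falls through to Section 2/3 (object NAT, after-auto)."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name
    return None


# Assumed contents of object-group RFC1918 (not shown in the post).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# The two manual NAT rules from the post, as data.
SPECIFIC = ManualNat("static-src-to-172.16.0.18",
                     ["172.16.102.0/24"], ["172.16.0.18/32"], ["10.68.2.120/32"])
IDENTITY = ManualNat("RFC1918-identity", RFC1918, RFC1918, RFC1918)

if __name__ == "__main__":
    # Order as pasted: the specific rule is reached first.
    print(first_match([SPECIFIC, IDENTITY], "172.16.102.181", "10.68.2.120"))
    # Reversed order: the identity rule shadows the specific one entirely.
    print(first_match([IDENTITY, SPECIFIC], "172.16.102.181", "10.68.2.120"))
    # Internet destination: neither Section 1 rule matches, so later sections apply.
    print(first_match([SPECIFIC, IDENTITY], "172.16.102.181", "1.1.1.1"))
```

Because both rules use `source static`, they land in the same section and only their relative position decides the winner; compare the line numbers in `show nat` against the order in the pasted config.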


