Hello:
I have a customer who's having problems maintaining a connection for longer than 20 seconds and his people suspect it's a NAT issue. I looked into the firewall that acts as a gateway for this customer and NATs our inside addresses to outside addresses and found the following. Can anyone tell me with certainty whether this set of NAT rules would result in a conflict for the two hosts, or whether the ASA (version 9.1) is smart enough to always apply the most specific NAT rules?
As you can see below, we have two specific static NAT rules for two hosts, and then we have a third NAT rule for the entire subnet those two hosts are in. I've masked the IP addresses.
FW# sho run nat | i outside
nat (inside,outside) source static 10.11.0.10 192.0.2.69
nat (inside,outside) source static 10.11.0.11 192.0.2.70
nat (inside,outside) source static obj-10.11.0.0_24 obj-192.0.2.71-192.0.2.80