Cisco Bug: CSCum72854 - Traffic does not hit Twice NAT configured after Static PAT

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(2)

Description (partial)

Symptom:
If static PAT (NAT with port translation) is configured, traffic may not hit the twice NAT rule that follows the static PAT rule.

-------
object network obj_30.1.1.1
 host 30.1.1.1
object network obj_20.1.1.1
 host 20.1.1.1
object service http
 service tcp destination eq www
object service xxxxx
 service tcp destination eq 10000

nat (outside,inside) source static obj_20.1.1.1 obj_20.1.1.1 destination static obj_30.1.1.1 obj_30.1.1.1 service http xxxxx unidirectional
nat (outside,inside) source static obj_20.1.1.1 obj_20.1.1.1
------

Traffic from 20.1.1.1 to 30.1.1.1 fails even though it should hit the second NAT rule.

Conditions:
Static PAT is configured.

Related Community Discussions

CSCum72854 - Traffic does not hit Twice NAT configured after Static PAT

Hello, I'm trying to replicate this scenario on a 9.1(2), traffic coming from a VPN L2L. We are going to NAT 20.1.1.1 to internal IP 2.1.1.2 when destination is 30.1.1.1:

nat (outside,inside) source static obj_20.1.1.1 obj_2.1.1.2 destination static obj_30.1.1.1 obj_30.1.1.1

Conditions: Static PAT is configured.

Workaround: Add the same NAT as the first one on the second line without service option or unidirectional option.

nat (outside,inside) source static obj_20.1.1.1 obj_2.1.1.2 destination static ...
Latest activity: Sep 27, 2014