RE: Fishy ASA dynamic NAT behavior after IP address change

From: Tony Schaffran (GS) (groupstudy@cconlinelabs.com)
Date: Thu Mar 26 2009 - 18:52:12 ART


Without seeing your actual config, all we can do is speculate what may have
caused your issue with changing the IP address on the outside interface.

Tony Schaffran
Sr. Network Consultant
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alexei Monastyrnyi
Sent: Tuesday, March 24, 2009 1:11 PM
To: security@groupstudy.com
Cc: Cisco certification
Subject: Fishy ASA dynamic NAT behavior after IP address change

Hi Group.

Just wonder if someone has come across this.

I was changing the IP address on an ASA 8.0(4) system which does selective
dynamic PAT like below, about 30 such N-pairs.
nat (inside) 0 access-list nonat
nat (inside) N access-list xyz
global (outside) N IP-address/pool

After the IP change on the outside interface, the dynamic part of the NAT engine
stopped working, and there were a lot of [Scanning] messages, severity 4, in the log.
Show xlate showed only static PAT entries; all traffic which was supposed
to get NATted or go via the nonat ACL was just black-holed.

shut/no shut on the outside interface didn't do it. The only way I could fix it
was by reloading the ASA unit.

I checked the open caveats for 8.0(4) and whether they are open/resolved in higher
interim releases, no luck.

Shall one expect to restart production systems after an IP address change?
Sounds a bit nuts. :-)

Hints are appreciated.

Cheers,
A
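A sanity check a practitioner might run over a pre-8.3 ASA config before and after renumbering an interface, added here as an example and not part of the thread or of any Cisco tooling: it pairs up the nat/global ids (the "N-pairs" described above) and flags global addresses that no longer sit on the named interface's subnet. The sample config is constructed; off-subnet globals are reported for review, not asserted to be the cause of the behaviour in the post.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample in the post's nat/global style (made-up addresses and ACL names):
# the outside interface was renumbered, but global 1 still carries the old address range.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 198.51.100.10 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 access-list xyz
nat (inside) 2 access-list xyz2
global (outside) 1 203.0.113.20-203.0.113.29
global (outside) 9 interface
"""
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")             # nat (ifc) id ...
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")  # global (ifc) id addr|range|interface
NAMEIF_RE = re.compile(r"^ nameif (\S+)")
IPADDR_RE = re.compile(r"^ ip address (\S+) (\S+)")

def parse_config(text):
    # Collect nat ids, global entries per id, and the subnet behind each nameif.
    nats, globs, ifaces, nameif = {}, defaultdict(list), {}, None
    for line in text.splitlines():
        if m := NAMEIF_RE.match(line):
            nameif = m[1]
        elif (m := IPADDR_RE.match(line)) and nameif:
            ifaces[nameif] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := NAT_RE.match(line):
            nats[int(m[2])] = m[1]
        elif m := GLOBAL_RE.match(line):
            globs[int(m[2])].append((m[1], m[3]))
    return nats, globs, ifaces

def check_nat_pairs(text):
    """Return findings: nat/global ids that do not pair up, and globals off their interface subnet."""
    nats, globs, ifaces = parse_config(text)
    findings = []
    for nat_id in nats:
        if nat_id != 0 and nat_id not in globs:  # nat 0 (exemption) needs no global
            findings.append(f"nat id {nat_id} has no global statement")
    for gid, entries in globs.items():
        if gid not in nats:
            findings.append(f"global id {gid} has no nat statement")
        for ifname, addr in entries:
            net = ifaces.get(ifname)
            if addr == "interface" or net is None:  # 'interface' keyword follows the new IP
                continue
            if any(ipaddress.ip_address(a) not in net for a in addr.split("-")):
                findings.append(f"global id {gid}: {addr} is not on {ifname} subnet {net}")
    return findings
```

Run check_nat_pairs() on the output of "show running-config" from the unit; the "interface" keyword form tracks the new address automatically, whereas fixed addresses and pools do not.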

Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:07 ART