Cisco Cisco ASA 5545-X Adaptive Security Appliance Guía Para Resolver Problemas
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
How to Troubleshoot NAT Problems
Use the Packet Tracer Utility
In order to troubleshoot problems with NAT configurations, use the packet tracer utility in order to verify that
a packet hits the NAT policy. Packet tracer allows you to specify a sample packet that enters the ASA, and the
ASA indicates what configuration applies to the packet and if it is permitted or not.
a packet hits the NAT policy. Packet tracer allows you to specify a sample packet that enters the ASA, and the
ASA indicates what configuration applies to the packet and if it is permitted or not.
In the example below, a sample TCP packet that enters the inside interface and is destined to a host on the
Internet is given. The packet tracer utility shows that the packet matches a dynamic NAT rule and is translated
to the outside IP address of 172.16.123.4:
Internet is given. The packet tracer utility shows that the packet matches a dynamic NAT rule and is translated
to the outside IP address of 172.16.123.4:
ASA# packet−tracer input inside tcp 10.10.10.123 12345 209.165.200.123 80
...(output omitted)...
Phase: 2
Type: NAT
Subtype:
Result: ALLOW
Config:
object network 10.10.10.0−net
nat (inside,outside) dynamic interface
Additional Information:
Dynamic translate 10.10.10.123/12345 to 172.16.123.4/12345
...(output omitted)...
Result:
input−interface: inside
input−status: up
input−line−status: up
output−interface: outside
output−status: up
output−line−status: up
Action: allow
ASA#