I have a Cisco ASA 5550 running ASA software version 8.2
Trying to setup a policy NAT for a VPN to a remote office that has a conflict with the local subnet being uses on our side. It appears like the Static NAT is not happening and I haven't been able to see why.
local subnet: 192.168.60.0/23
remote subnet: 192.168.10.0/24
translated subnet: 192.168.160.0/23
Here are some of the relevant configuration lines from the ASA:
ACL to identify traffic for policy nat:
access-list inside_nat_static extended permit ip 192.168.60.0 255.255.254.0 192.168.10.0 255.255.255.0
Static NAT statement for policy NAT:
static (inside,outside) 192.168.160.0 access-list inside_nat_static
NAT exempt statements:
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 192.168.60.0 255.255.254.0
The inside_nat0_outbound ACL has the following entry in it:
access-list inside_nat0_outbound extended permit ip 192.168.60.0 255.255.254.0 192.168.10.0 255.255.255.0
When I do a "show NAT inside outside" command I see the following results:
match ip inside 192.168.60.0 255.255.254.0 outside 192.168.10.0 255.255.255.0
translate_hits = 16309, untranslate_hits = 0
match ip inside 192.168.60.0 255.255.254.0 outside 192.168.10.0 255.255.255.0 static translation to A-192.168.160.0
translate_hits = 0, untranslate_hits = 0
If I do a "show access-list inside_nat_static" the hit counter shows 0 as if it isn't even trying do the static translation.
Any thoughts or suggestions would be helpful.