Dynamic NAT parameters

Similar Messages

• How to configure inbound ruleset in dynamic nat.

  Hi ,
  I have a doubt on configure the inbound rules for dynamic nat. I want to allow my web server (172.16.101.115) able connect from outside with tcp/443.
  How do I configure the inbound ruleset for allow public connect to my webserver with tcp/443 in dynamic nat.
  Here I have draw a diagram and some configuration i have configure in my ASA 8.2. Please correct me if I was wrong config it. 
  Public IP: 10.10.10.28
  Private IPs:
  172.16.101.115
  172.16.101.116
  172.16.101.117
  172.16.101.118
  172.16.101.119
  172.16.101.120
  access-list Web_nat permit ip host 172.16.101.115 any
  access-list Web_nat permit ip host 172.16.101.116 any
  access-list Web_nat permit ip host 172.16.101.117 any
  access-list Web_nat permit ip host 172.16.101.118 any
  access-list Web_nat permit ip host 172.16.101.119 any
  access-list Web_nat permit ip host 172.16.101.120 any
  nat (firewall-dmz) 1 access-list Web_nat
  global (firewall-outbound) 1 10.10.10.28
  access-list fw-outbound-access permit tcp any host 10.10.10.28 eq 443 //allow outside connect to my external ip.
  access-list fw-dmz-access permit tcp any host 172.16.101.115 eq 443 //allow my translation ip connect to my webserver with tcp/443.

  Hi,
  I am not sure what you are attempting to configure here.
  But what the NAT configuration above does is do a Dynamic PAT for all the servers on the "firewall-dmz" to a single IP address towards the "firewall-outbound"
  This Dynamic translation doesnt however enable connections to be initiated from behind the "firewall-outbound" interface. When your hosting a server which needs a NAT towards the users then the NAT type has to be Static NAT or Static PAT.
  Static NAT will essentially use up one public IP address for just the single local host/server.
  Static PAT will do a Port Forward from the public IP address and public port to the local IP and local port. And this is most commonly used with environments which only public IP address is the one that the ASA holds in its WAN interface.
  A typical Static NAT configuration is this
  static (inside,outside) 1.1.1.1 10.10.10.10 netmask 255.255.255.255
  Where
  inside = is the interface behind which the host is
  outside = is the interface towards which the host is NATed
  1.1.1.1 = is the public NAT IP address for the host
  10.10.10.10 = is the local IP address of the host
  A typical Static PAT configuration is this
  static (inside,outside) tcp interface 80 10.10.10.10 80 netmask 255.255.255.255
  Where
  tcp = specifies the protocol for which the Static PAT configured
  interface = specifies that we will be using the public IP address of the destination interface "outside" as the public IP address for this single Port Forward.
  80 = first "80" specifies the public port visible to users behind the destination interface
  80 = second "80" specifies the actual local port on which the local host is listening on
  Hope this helps
  - Jouni

• Dynamic Cascading Parameters - cannot select/enter parameter value

  I am rather new working with Crystal Reports and am having problems with Dynamic Cascading Parameters.
  I am using CR 2008 SP2, Version 12.2.0.290.  Data is from SQL server.
  I have a report to print labels for parts in an order.  I want to be able to enter the ShipTo ID then the contract number.  From there I would like a list of the parts on the contract and be able to select multiple parts to print labels for.
  I right clicked on Parameter Fields and chose New.  I named it ShipToContractPartNo, Type String, List of Values=Dynamic. 
  I added the values as follows:
  ShipToID - Editable, Allow Multiple=False, Allow Discrete=True (cannot be changed), Allow Range=False
  ...ContractNo - Allow Multiple=False, Allow Discrete=True (cannot be changed), Allow Range=False
  ... ...CustPartNo - Allow Multiple=True Allow Discrete=True (cannot be changed), Allow Range=False
  I added the Customer Part parameter to the label.
  When I test the label the parameter Enter Values window looks good but the drop down for Enter ShipToID does not have any ShipTo ID's to choose from and I cannot enter a value, therefore I cannot continue.  I also do not have a Cancel button and always have to end through Task Manager but that's probably a different, unrelated issue.
  I have tried this with and without entering Select Expert records.
  Could someone please tell me if I have missed a step or if there is a known issue?  I searched this site, I looked in CR Help, I referred to the book I have and I googled but have not found this speciic issue.
  Thanks in advance for your assistance.  Let me know if additional information is necessary.
  Jan

  OK.  I have rejoined/relinked all my tablesas follows (with abbreviated names for ease of reading). The actual SQL is at the end.
  ..Job_Hdr JOINED to Job_Shipto
  .....Job_Shipto JOINED to Job_Line
  ........Job_Line JOINED to Job_Bin
  ............Job_Line JOINED to Inv_Mast
  When I create a Dynamic Cascading Parameter prompt on just ContractNo (parent - from table Job_Hdr) and ShipTo (child - from table Job_ShipTo) then it gives me list of Contracts to select from and then a list of ShipTo's for that Contract to select from.  I place them in the Report Header.  I do not add them to the Select Expert.  This works great.
  Now I need to be able to select the parts necessary from the Contract/ShipTo.  When I try to create a Dynamic Cascading Parameter with ContractNo and ShipTo (set up the same as above)  and add in ContractPartNumber (from table Job_Bin) to the parameter then my ContractNo and ShipTo parameters no longer work.  It gives me only 1 contract number to choose from, which isn't the one I want.
  I have tried so many different things and I cannot get the parameters to work when I try to add PartNo into the parameters.
  Any suggestions now?
  Jan
  SELECT "p21_view_inv_mast"."item_desc", "p21_view_job_price_line"."customer_part_no", "p21_view_job_price_hdr"."contract_no", "p21_view_job_price_bin"."min_qty", "p21_view_job_price_bin"."reorder_qty", "p21_view_job_price_bin"."line_station", "p21_view_job_price_line"."row_status_flag", "p21_view_job_price_bin"."line_feed", "p21_view_job_price_bin"."row_status_flag", "p21_view_job_price_bin"."contract_bin_id"
  FROM   ((("Prophet21"."dbo"."p21_view_job_price_hdr" "p21_view_job_price_hdr"
  INNER JOIN "Prophet21"."dbo"."p21_view_job_price_customer_shipto" "p21_view_job_price_customer_shipto" ON "p21_view_job_price_hdr"."job_price_hdr_uid"="p21_view_job_price_customer_shipto"."job_price_hdr_uid")
  INNER JOIN "Prophet21"."dbo"."p21_view_job_price_line" "p21_view_job_price_line" ON "p21_view_job_price_customer_shipto"."job_price_hdr_uid"="p21_view_job_price_line"."job_price_hdr_uid")
  INNER JOIN "Prophet21"."dbo"."p21_view_job_price_bin" "p21_view_job_price_bin" ON ("p21_view_job_price_customer_shipto"."ship_to_id"="p21_view_job_price_bin"."ship_to_id") AND ("p21_view_job_price_line"."job_price_line_uid"="p21_view_job_price_bin"."job_price_line_uid"))
  INNER JOIN "Prophet21"."dbo"."p21_view_inv_mast" "p21_view_inv_mast" ON "p21_view_job_price_line"."inv_mast_uid"="p21_view_inv_mast"."inv_mast_uid"
  WHERE  "p21_view_job_price_bin"."row_status_flag"=704 AND "p21_view_job_price_line"."row_status_flag"=704
  ORDER BY "p21_view_job_price_bin"."line_feed", "p21_view_job_price_bin"."line_station"

• ASA 8.2 - Static NAT and Dynamic NAT Policy together

  Hello community,
  I have the following problem using a ASA with version 8.2.
  1) I have this segment on interface Ethernet 0/0: 192.168.1.0/24
  2) Through interface Ethernet 0/1 I will reach several servers using the same source IP, but other servers must be reached using only one IP, for example 192.168.1.70
  so, I have configured a Static NAT Rule from interface Ethernet0/0 to interface Ethernet 0/1 which NAT the source IPs to the same IPs: 192.168.1.0/24->192.168.1.0/24. Also I have configured a Dynamic NAT Policy that states when destination IP is "server list" then all the source IPs must be translated to 192.168.1.70.
  PROBLEM: when testing it...always the static wins....and Dynamic is never analyzed...Also, no priority for the NAT policy and NAT rules can be done on ASDM...what can I do? is there a way to do this on ASDM or CLI? (preferrely at ASDM)
  Thanks for your reply and help!

  Hello community,
  I have the following problem using a ASA with version 8.2.
  1) I have this segment on interface Ethernet 0/0: 192.168.1.0/24
  2) Through interface Ethernet 0/1 I will reach several servers using the same source IP, but other servers must be reached using only one IP, for example 192.168.1.70
  so, I have configured a Static NAT Rule from interface Ethernet0/0 to interface Ethernet 0/1 which NAT the source IPs to the same IPs: 192.168.1.0/24->192.168.1.0/24. Also I have configured a Dynamic NAT Policy that states when destination IP is "server list" then all the source IPs must be translated to 192.168.1.70.
  PROBLEM: when testing it...always the static wins....and Dynamic is never analyzed...Also, no priority for the NAT policy and NAT rules can be done on ASDM...what can I do? is there a way to do this on ASDM or CLI? (preferrely at ASDM)
  Thanks for your reply and help!

• Dynamic NAT ASA 8.4 Packet Tracer not working

  Hi guys,
  I've tried to ping and go to a site from 192.168.1.6 to 10.10.10.12, but it's not working. I've followed a couple dynamic NAT tutorials, but I can't figure out what I'm missing. The config is below, and I'd appreciate any help.
  Thanks!
  ASA Version 8.4(2)
  hostname ciscoasa
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.2 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 10.10.10.2 255.0.0.0
  object network inside-subnet
  subnet 192.168.1.0 255.255.255.0
  object network inside-subnet
  nat (inside,outside) dynamic interface
  telnet timeout 5
  ssh timeout 5
  dhcpd address 192.168.1.5-192.168.1.35 inside
  dhcpd auto_config outside

  Thanks guys. I'm one step closer. I can ping from 192.168.1.0 to 10.0.0.0, but I can't open a webpage. I try visiting 10.0.0.6/index.html in packet tracer and get a "Request time out" message. I tried to mirror the ACL for www, but it's not working. 
  Does anyone have a suggestion? My updated config is below.
  Thanks!
  ASA Version 8.4(2)
  hostname ciscoasa
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 10.0.0.1 255.0.0.0
  object network inside-subnet
  subnet 192.168.1.0 255.255.255.0
  object network outside-subnet
  subnet 10.0.0.0 255.0.0.0
  access-list TEST extended permit icmp any any echo-reply
  access-list TEST extended permit tcp any any eq www
  access-list http extended permit tcp any any eq www
  access-list http2 extended permit udp any any eq www
  access-group TEST in interface outside
  object network inside-subnet
  nat (inside,outside) dynamic interface
  telnet timeout 5
  ssh timeout 5
  dhcpd auto_config outside
  dhcpd address 192.168.1.5-192.168.1.35 inside
  dhcpd enable inside

• Dynamic NAT & Dynamic/TCP + Dynamic/UDP filters

  I've enabled dynamic NAT on BM38sp2a... Is it important to setup
  dynamic/tcp and dynamic/udp filters if running ipflt? What are the
  purposes of the two filters?
  Jimmy

  [email protected] wrote:
  > I've enabled dynamic NAT on BM38sp2a... Is it important to setup
  > dynamic/tcp and dynamic/udp filters if running ipflt? What are the
  > purposes of the two filters?
  >
  > Jimmy
  Please see my reply in the packet filtering forum.
  Caterina
  Novell Support Connection Volunteer Sysop

• PcAnywhere and dynamic NAT

  I have Bordermanager 3.51 that uses dynamic NAT on the public interface
  connected to DSL with a static IP address. I have followed TID #
  10024898 " Creating filter exception for PCAnywhere".
  I have double checked settings of the filter exceptions but still cannot
  remote access a internal host using PcAnywhere v 11.0. My question is
  should I be using dynamic NAT or static nat or a static/dynamic nat
  configuration ?
  Thanks,
  Karl

  > In article <HmmFc.236$[email protected]>, wrote:
  > > . My question is
  > > should I be using dynamic NAT or static nat or a static/dynamic nat
  > > configuration ?
  > >
  > If you want inbound pcAW traffic, you have two choices when NAT is
  > involved: static NAT, or generic proxies. (Both are described in my
  > BMgr / Filtering books at the URL below).
  >
  > You will not be able to get to an internal PC with just dynamic NAT
  > enabled. There is no way to route the packets in then.
  >
  > Craig Johnson
  > Novell Support Connection SysOp
  > *** For a current patch list, tips, handy files and books on
  > BorderManager, go to http://www.craigjconsulting.com ***
  Thanks Craig for your direction. I will check out the URL
  Happy 4th !
  >

• Changing dynamic profile-parameters in batch

  Hello,
  want to change dynamic profile parameters (rdisp/btctime) in batch.
  I know that i can change this in Transaction RZ11 - but i must change it, depending on our
  batchstrategy in the night.
  best way for me - is to change it via batchprogram - with variant 'parameter' - 'value'.
  thank you for help
  best regards
  L.Misof
  R&S

  Hi,
  why don't you use the operation modes for increasing batch work processes in night ?
  Thanks
  Sunny

• Dynamic bind parameters failure

  Hi
  Ive dynamically bind parameters in view object
  JHeadstart 10.1.2.0 (build 19). The data is getting bind. But with the following error. Kindly help me.
  regards
  Jayashri
  17:30:42 DEBUG (JhsDataAction) -ViewObject programView1: value of bind param 0 set to 04
  17:30:42 DEBUG (JhsDataAction) -ViewObject programView1: value of bind param 1 set to BORE
  17:30:42 DEBUG (JhsDataAction) -ViewObject programView1: executing query, bind parameter values have changed
  05/04/01 17:30:43 java.sql.SQLException: Missing IN or OUT parameter at index:: 1
  05/04/01 17:30:43      at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:137)
  05/04/01 17:30:43      at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:174)
  05/04/01 17:30:43      at oracle.jdbc.driver.OraclePreparedStatement.processCompletedBindRow(OraclePreparedStatement.java:1552)
  05/04/01 17:30:43      at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2896)
  05/04/01 17:30:43      at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:2942)
  05/04/01 17:30:43      at oracle.jbo.server.QueryCollection.buildResultSet(QueryCollection.java:691)
  05/04/01 17:30:43      at oracle.jbo.server.QueryCollection.executeQuery(QueryCollection.java:547)
  05/04/01 17:30:43      at oracle.jbo.server.ViewObjectImpl.executeQueryForCollection(ViewObjectImpl.java:3422)
  05/04/01 17:30:43      at oracle.jbo.server.ViewRowSetImpl.execute(ViewRowSetImpl.java:663)
  05/04/01 17:30:43      at oracle.jbo.server.ViewRowSetImpl.executeQueryForMasters(ViewRowSetImpl.java:769)
  05/04/01 17:30:43      at oracle.jbo.server.ViewRowSetImpl.executeQuery(ViewRowSetImpl.java:706)
  05/04/01 17:30:43      at oracle.jbo.server.ViewObjectImpl.executeQuery(ViewObjectImpl.java:3361)
  05/04/01 17:30:43      at oracle.adf.model.bc4j.DCJboDataControl.executeIteratorBindingIfNeeded(DCJboDataControl.java:803)
  05/04/01 17:30:43      at oracle.adf.model.binding.DCIteratorBinding.executeQueryIfNeeded(DCIteratorBinding.java:1587)
  05/04/01 17:30:43      at oracle.adf.model.binding.DCBindingContainer.refreshControl(DCBindingContainer.java:1544)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.action.JhsDataAction.applyIterBindParams(JhsDataAction.java:2785)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.action.JhsDataAction.prepareModel(JhsDataAction.java:3136)
  05/04/01 17:30:43      at oracle.adf.controller.struts.actions.DataAction.prepareModel(DataAction.java:486)
  05/04/01 17:30:43      at oracle.adf.controller.lifecycle.PageLifecycle.handleLifecycle(PageLifecycle.java:105)
  05/04/01 17:30:43      at oracle.adf.controller.struts.actions.DataAction.handleLifecycle(DataAction.java:223)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.action.JhsDataAction.handleLifecycle(JhsDataAction.java:389)
  05/04/01 17:30:43      at oracle.adf.controller.struts.actions.DataAction.execute(DataAction.java:155)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1485)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.JhsActionServlet.process(JhsActionServlet.java:127)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:509)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  05/04/01 17:30:43      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
  05/04/01 17:30:43      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:649)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:322)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:220)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1012)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:582)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:260)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1485)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.JhsActionServlet.process(JhsActionServlet.java:127)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:509)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  05/04/01 17:30:43      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
  05/04/01 17:30:43      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:649)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:322)
  05/04/01 17:30:43      at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:220)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1012)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:582)
  05/04/01 17:30:43      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:260)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1485)
  05/04/01 17:30:43      at oracle.jheadstart.controller.strutsadf.JhsActionServlet.process(JhsActionServlet.java:127)
  05/04/01 17:30:43      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:509)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  05/04/01 17:30:43      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  05/04/01 17:30:43      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
  05/04/01 17:30:43      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
  05/04/01 17:30:43      at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:16)
  05/04/01 17:30:43      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:239)
  05/04/01 17:30:43      at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:20)
  05/04/01 17:30:43      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:239)
  05/04/01 17:30:43      at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:20)
  05/04/01 17:30:44      at oracle.jheadstart.controller.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:172)
  05/04/01 17:30:44      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:645)
  05/04/01 17:30:44      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:322)
  17:30:44 DEBUG (JhsDataAction) -ViewObject programView1: bind parameter values have not changed
  05/04/01 17:30:44      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:790)
  05/04/01 17:30:44      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
  05/04/01 17:30:44      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
  05/04/01 17:30:44      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
  05/04/01 17:30:44      at java.lang.Thread.run(Thread.java:534)

  Hi Stevan
  I'm using JSP.
  Ive used request parameters for binding in the where clause {app_cycle=:1 and college_code='MICH'}in application structure i gave ${param.appcycle},${param.collegecode} , which the page is loaded successfully. Dont know how did that error got cleared. Anyway now session is the problem.
  I want to use session and not request parameters.
  How to achieve this. I dont understand the help give in the query bind parameters tab in application structure file. It says ${MyObject.MyParameter}
  in Jsp session is the object. Assuming that i gave ${session.appcyle} where appcycle is the parameter which holds the value. But it didnt work
  Kindly help on this.
  regards
  Jayashri
  regards
  Jayashri

• Dynamic profile parameters

  Hi
  I would like to get all the list of dynamic profile parameters at R/3 level.
  Could anyone please let me know if there is any OSS note availabe which lists out all the dynamic parameters? I tried but,couldn`t find the related ones.
  Is there any way to find out from R/3 level?
  regards,
  Vinodh.

  Dear Vinod,
  There is a table called TPFYPROPTY which lists you all the dynamically switchable parameters identified by dynamic indicator. you can view this table using transaction se16.
  you can also get into Rz11 and check the dynamically switchable check box value for that corresponding parameter.
  Reward points if useful.
  Sree

• 9.0 can a dynamic nat be used over ipsec vpn?

  9.0 can a  dynamic nat be used over ipsec vpn?
  we have a vpn up and working between two asa's and when we run the traffic through a static nat rule the traffic passes over the vpn. When we use a dynamic nat the traffic does not get picked up by the vpn ACL. 
  we are disabling the nat rules to switch back and forth so even when we use the same source destination the result is the same. 
  Am I missing something with 9.0 code versions? If i disable all nats and pass the traffic it goes over the vpn. 
  So it seems when using the dynamic nat statement it pushes the traffic to the outside interface without looking at the vpn acl. Please let me know if I am off base I am a newb on post 8.3 code. 
  Thanks

  I didn't do that at first because I remember reading something about in ver 9 to only use the unnatted IP because of order of ops. That seemed weird to me at the time. 
  Yes it seems that you need the nat ip like always. Should have just went with my gut on that. 
  Thanks

• Static/Dynamic NAT Conflict

  My static NAT configuration is somehow conflicting with my dynamic NAT configuration. Am I doing something wrong?
  ip nat inside source list 1 interface GigabitEthernet0/0 overload
  access-list 1 permit 192.168.126.0 0.0.0.255
  access-list 1 permit 10.18.0.0 0.0.255.255
  ip nat inside source list 1 interface GigabitEthernet0/0 overload
  ip nat inside source static tcp 192.168.126.4 20 xx.xx.xx.19 20 extendable
  ip nat inside source static tcp 192.168.126.5 25 xx.xx.xx.19 25 extendable
  ip nat inside source static tcp 192.168.126.5 80 xx.xx.xx.19 80 extendable
  ip nat inside source static tcp 192.168.126.5 443 xx.xx.xx.19 443 extendable
  ip nat inside source static tcp 192.168.126.7 3101 xx.xx.xx.19 3101 extendable
  ip nat inside source static tcp 192.168.126.4 3389 xx.xx.xx.19 3389 extendable
  ip nat inside source static tcp 192.168.126.7 5901 xx.xx.xx.19 5901 extendable
  ip nat inside source static tcp 192.168.126.20 25 xx.xx.xx.20 25 extendable
  ip nat inside source static tcp 192.168.126.20 80 xx.xx.xx.20 80 extendable
  interface GigabitEthernet0/0
  description Outside Interface
  ip address xx.xx.xx.18 255.255.255.248
  ip access-group Incoming in
  ip access-group Outgoing out
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  no ip mroute-cache
  duplex auto
  speed auto
  ntp disable
  no cdp enable
  hold-queue 32 in
  hold-queue 100 out

  Thanks for the help.
  I tried modifying the access list as you suggested but ran into problems. The host at 192.168.126.4 is my DNS server and the updates prevented it from forwarding queries to external DNS servers. I think I am running into problems because I dont' know general rules for configuring dynamic NAT to accomodate client PCs and static NAT to accomodate servers at the same time. From the issues I am having it seems there are general rules for dividing the two classes of hosts which I just don't know. My external interface has a .18 address which all my client PCs get NAT'ed through and then I have static NAT entries NAT'ing to .19 and .20 for internal services such as DNS, SMTP, HTTP etc. I thought that would divide the two however certain 'things' conflict, such as XBOX Live connections. If I remove my static NAT entries then I can connect to XBOX Live.

• [Question] Dynamic NAT on 2 different networks

  Hi,
  I just want to ask if its possible to have same dynamic translation within 2 different networks like:
  interface gig 0/1
  1.1.1.1 255.255.255.0 (LAN Connection w/ DHCP enabled)
  inteface gig 0/2
  2.2.2.1 255.255.255.0 (Wireless Connection w/ DHCP enabled)
  Actually, the scenario was 1.1.1.1 is my LAN connection and 2.2.2.1 are my Wireless connection.
  Hope this merits their favorable response. Thanks.

  Hi,
  Do you mean that you want both of the said LAN networks to use Dynamic NAT/PAT towards a third interface on the ASA?
  If you simply want to use the same NAT/PAT address for 2 different networks on the ASA then you can use the following configurations as example
  These are PAT translations to a single IP address. Using a NAT Pool would change the configurations slightly.
  For ASA software 8.2 and below
  global (outside) 100 3.3.3.1
  nat (inside) 100 1.1.1.0 255.255.255.0
  nat (wireless) 100 2.2.2.0 255.255.255.0
  Where
  outside,inside and wireless = Interface "nameif" on the ASA firewall
  100 = Is just an ID number for the NAT configuration. You can use other one also
  For ASA software 8.3 and after
  object-group network PAT-SOURCE-NETWORKS
  network-object 1.1.1.0 255.255.255.0
  network-object 2.2.2.0 255.255.255.0
  nat (inside,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface
  nat (wireless,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface
  Where
  PAT-SOURCE-NETWORKS = Is an "object-group" where you can define the source networks for the NAT/PAT rule
  Hope this helps Please if you found the information helpfull
  Feel free to ask more if this didnt answer your question.
  - Jouni

• Help with dynamic NAT and CSM 4.4 and ASA 8.3

  Hello
  I currently try to add a dynamic NAT rule into CSM 4.4 for a ASA 8.3 device, but I fails at the deployment with the error message:
  Failed to generate delta config
  The following commands have not been recognized by the Configuration Parser:
  ==========================
  (inside,outside) source dynamic range-192.168.0.0_24 range-100.0.0.1_32 destination static any any
  So let's asume we use the internal IP Range for the users is 192.168.0.0/24 and we received the public IP Address 100.0.0.1/32 from our ISP.
  How do I have to do a normal dynamic NAT in CSM 4.4 for this case?
  Traffic comes from inside and has to leave the outside with the changed source IP.
  I would really appreciate a screenshot from CSM 4.4 which shows the correctly filled fields.
  Thanks
  Patrick

  Matty
  Not familiar with SIP so can't say for sure about that in terms of ports but some comments -
  1) you don't show other interfaces but presumably the LAN interface(s) has "ip nat inside" enabled
  2) the PBX subnet is 10.1.1.0/24 yet your static NATs are referring to 10.18.21.2 ?
  3) following on from 2) your PBX_SUBNET acl is wrong, it should be -
  ip access-list extended PBX_SUBNET
  permit ip 10.1.1.0 0.0.0.255 any      <-- note the last octet of the wildcard mask is 255.
  Edit - also assuming that any internal subnets not directy connected to the router have routes setup for them so you router knows how to get to them.
  Jon

• Dynamic NAT (1841 & n00b)

  Hi all. (waiting for TAC support to register me)
  I'm trying to find information on setting up a Dynamic NAT for my 1841 using the SDM. I know how to do the static NATs and they seem to work fine. However, our Japan office would like Dynamic NAT. Where can I find info on how to set this up?
  I have a range of server addresses on my network (E0) from 10.1.10.16 to 10.1.10.40/24. The addressing I have for these on the "outside" (E1) is 172.25.1.16 to 172.25.40/16.
  I tried to set this up, but it seemed that the router duplicated all of my server addresses and my systems weren't happy.
  Thanks for any assistance.
  BC

  OK.
  I had to attach it since it's too long to post.
  Thanks for any insight. The router for the Japan office is 172.25.1.1.