https://community.cisco.com/t5/network-security/destination-nat/m-p/2985636#M155592 <P>Please Help. Not able to get the answer.</P> <P>&nbsp;</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/outside_to_inside_nat.png" class="migrated-markup-image" /></P> <P>Using GNS3 with ASA 8.4 &amp; ASDM 7.1.</P> <P>Can ping from inside to outside but cannot ping from DMZ to Outside.</P> <P>Cannot ping from outside to inside or DMZ.</P> <P></P> <P>Router on Outside interface is just to see whether ping packets are reaching or not ( using Debug ip icmp).</P> <P>Using Virtual box to access ASDM on XP. So no configuration for Gigabit Ethernet Interface 03.</P> Tue, 12 Mar 2019 08:13:09 GMT kuskur.vishwanatha 2019-03-12T08:13:09Z https://community.cisco.com/t5/network-security/destination-nat/m-p/2985636#M155592 <P>Please Help. Not able to get the answer.</P> <P>&nbsp;</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/outside_to_inside_nat.png" class="migrated-markup-image" /></P> <P>Using GNS3 with ASA 8.4 &amp; ASDM 7.1.</P> <P>Can ping from inside to outside but cannot ping from DMZ to Outside.</P> <P>Cannot ping from outside to inside or DMZ.</P> <P></P> <P>Router on Outside interface is just to see whether ping packets are reaching or not ( using Debug ip icmp).</P> <P>Using Virtual box to access ASDM on XP. So no configuration for Gigabit Ethernet Interface 03.</P> Tue, 12 Mar 2019 08:13:09 GMT https://community.cisco.com/t5/network-security/destination-nat/m-p/2985636#M155592 kuskur.vishwanatha 2019-03-12T08:13:09Z https://community.cisco.com/t5/network-security/destination-nat/m-p/2985637#M155593 <P>Very Simple by defualt trafic from lower security-level to higher security level not permit. As per your config</P> <P>Outside security level&nbsp;0</P> <P>inside security level is 100</P> <P>dmz security level 50</P> <P></P> <P>You have to add below command to allow traffic from same or lower security level to higher oe same security level interafce.</P> <P>&nbsp;same-security-traffic permit inter-interface</P> <P>Regards,</P> <P>Pawan CCIE 52104</P> <P></P> <P>Kindly rate for useful post</P> Thu, 01 Sep 2016 12:12:50 GMT https://community.cisco.com/t5/network-security/destination-nat/m-p/2985637#M155593 Pawan Raut 2016-09-01T12:12:50Z https://community.cisco.com/t5/network-security/destination-nat/m-p/2985638#M155594 <P>Thank you.</P> <P>But CCNA security exam require&nbsp; to configure these using ASDM only.</P> <P>Can you tell me how to configure using ASDM.</P> <P></P> <P>NAT statements are in place. Referred some documents &amp; CBT nuggets. But not able to ping.</P> <P></P> <P>Vishwa</P> Thu, 01 Sep 2016 12:33:10 GMT https://community.cisco.com/t5/network-security/destination-nat/m-p/2985638#M155594 kuskur.vishwanatha 2016-09-01T12:33:10Z https://community.cisco.com/t5/network-security/destination-nat/m-p/2985639#M155595 <P>When ping from PC 1 to R1 ( inside to outside ), Ping was successful with&nbsp; following debug output on ASA.</P> <P>ciscoasa# ICMP echo request from inside:10.1.0.2 to outside:1.2.3.4 ID=27351 seq=1 len=56<BR />ICMP echo request translating <STRONG>inside</STRONG>:<STRONG>10.1.0.2 to outside:1.2.3.10</STRONG><BR />ICMP echo reply from outside:1.2.3.4 to inside:1.2.3.10 ID=27351 seq=1 len=56<BR />ICMP echo reply untranslating <STRONG>outside</STRONG>:<STRONG>1.2.3.10 to inside:10.1.0.2</STRONG></P> <P></P> <P>When Ping from PC 2 to R1 ( dmz to outside ), 1.2.3.4 icmp_seq=1 timeout observed with debug output on ASA.</P> <P>ciscoasa# ICMP echo request from dmz:172.16.0.2 to outside:1.2.3.4 ID=48344 seq=1 len=56<BR />ICMP echo request translating <STRONG>dmz</STRONG>:<STRONG>172.16.0.2 to outside:1.2.3.10</STRONG><BR />ICMP echo reply from outside:1.2.3.4 to inside:1.2.3.10 ID=48344 seq=1 len=56<BR />ICMP echo reply untranslating <STRONG>outside:1.2.3.10 to inside:10.1.0.2</STRONG></P> <P>Not able to make out why the untranslation going to 10.1.0.2 instead of 172.16.0.2</P> <P></P> <P>Regards</P> <P>Vishwa</P> Fri, 02 Sep 2016 01:44:11 GMT https://community.cisco.com/t5/network-security/destination-nat/m-p/2985639#M155595 kuskur.vishwanatha 2016-09-02T01:44:11Z