https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919573#M436338 <HTML><HEAD></HEAD><BODY><P>Also make sure you open the ACL on outside:</P><P></P><P>access-list 100 permit tcp any interface outside eq 443</P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Tue, 22 May 2012 11:18:49 GMT varrao 2012-05-22T11:18:49Z https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919569#M436334 <P style="text-align: left;">Hello,</P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P style="text-align: left;">This is my 1st time trying to configure an ASA.</P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P style="text-align: left;">I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:</P><P></P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/5/4/9/89945-Capture.JPG" alt="Capture.JPG" class="jive-image-thumbnail jive-image" onclick="" width="450" /></P><P></P><P>I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.</P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P>I have attached the configuration file with this post as well.</P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P>I suspect it's something simple and silly that I did. Can you please help?</P><P><BR style="color: #282828; font-family: helvetica, arial, sans-serif; font-size: 14px; line-height: 22px; text-align: -webkit-auto; background-color: #ffffff;" /></P><P>Many thanks,</P> Mon, 11 Mar 2019 23:09:35 GMT https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919569#M436334 haidar_alm 2019-03-11T23:09:35Z https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919570#M436335 <HTML><HEAD></HEAD><BODY><P>Hi Haider,</P><P></P><P>you might just need to add this:</P><P></P><P>static (inside,outside) 192.168.1.4 192.168.1.4</P><P></P><P>make sure you also put a default route on the 192.168.1.4 machine with ASA inside as the gateway.</P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Tue, 22 May 2012 10:17:06 GMT https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919570#M436335 varrao 2012-05-22T10:17:06Z https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919571#M436336 <HTML><HEAD></HEAD><BODY><P>Many thanks for the reply.</P><P></P><P>It worked, however, I would like to know how!</P><P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>I already had the (nat and global) command configured on it. Is that not enough?</P><P></P><P>Also, should the command not be</P><P></P><P>static (inside,outside) 10.1.1.2 192.168.1.4 255.255.255.255 ? &lt;= i tried it and got an error. </P><P><SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN></P><P></P><P>I want the inside address of 192.168.1.4 to be mapped to the outside interface address of 10.1.1.2.</P><P></P><P>When I do show xlate, i can see that the 192 address is shown as itself globally.</P><P></P><P>I look forward to your reply.</P><P></P><P>kr</P><P></P><P>H</P></BODY></HTML> Tue, 22 May 2012 10:59:50 GMT https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919571#M436336 haidar_alm 2012-05-22T10:59:50Z https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919572#M436337 <HTML><HEAD></HEAD><BODY><P>Hi Haider,</P><P></P><P>The nat global statements that you have, that is to pat the internal users, when they go out of the outside interface, it is not for connections coming in.</P><P></P><P>If you want to nat the internal IP with the outside interface of the ASA, you would need:</P><P></P><P>static (inside,outside) interface 192.168.1.4</P><P></P><P>But I would not advise that, because this statement would block the complete IP address for the internal server only. I would rather suggest port forwarding, which means, you are using only a single port on that IP. Here's the config:</P><P></P><P>static (inside,outside) interface 443 192.168.1.4 443</P><P></P><P>This shoudl&nbsp; be done.</P><P></P><P>Hope that helps.</P><P></P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Tue, 22 May 2012 11:17:31 GMT https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919572#M436337 varrao 2012-05-22T11:17:31Z https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919573#M436338 <HTML><HEAD></HEAD><BODY><P>Also make sure you open the ACL on outside:</P><P></P><P>access-list 100 permit tcp any interface outside eq 443</P><P></P><P>Thanks, <BR />Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Tue, 22 May 2012 11:18:49 GMT https://community.cisco.com/t5/network-security/cisco-asa5520-basic-configuration/m-p/1919573#M436338 varrao 2012-05-22T11:18:49Z