Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
925
Views
0
Helpful
2
Replies

2 Servers behind 2 ASA´s

dogiii
Level 1
Level 1

‎08-08-2018 11:07 PM - edited ‎02-21-2020 08:05 AM

Hi guys,

 

I am having an issue with NAT on two ASA´s.

We are supposed to use twice NAT on both of sites (same office site , 2 different ASA´s on 2 different locations)so internal users from one internal site can connect to the other site.

ON one of the ASA´s we have Internal and Outside interface.

ASA1

Outside: 192.168.22.180

Inside: 10.160.48.99 

ASA2:

Inside: 10.160.48.140

VLan212:  192.168.16.9

 

As you can see these sites both use internal ip addresses and there is no VPN between them however they are directly connected with a core Switch.

 

I am trying to establish a connect from behind ASA1 with a Source IP Adrress 192.168.22.140 tryting to connectbehind the ASA2 with an IP Adress 192.168.16.114.

I have configured this so far:

ASA1

nat (outside,inside) source static obj-192.168.22.140 obj-10.160.48.70 destination static obj-192.168.22.114 obj-10.160.48.48

 

ASA2

nat (inside,VLAN_212_industr_Grenzebach) source static obj-10.160.48.70 obj-192.                                                168.16.110 destination static obj-10.160.48.48 obj-192.168.16.114

 

 

 

I can see the server initiating the connection however I dont see anyhting arriving on ASA2

 

 08:01:46.101175       802.1Q vlan#2 P0 192.168.22.140.20114 > 192.168.22.114.20114:  udp 20

 

08:01:46.101206       802.1Q vlan#1 P0 10.160.48.70.20114 > 10.160.48.48.20114:  udp 20

 

 

If I do a packet tracer from the ASA I can get through  and I can see the NAT I configured being used.

Any suggestions on what to check ?

 

 

 

 

 

0 Helpful
2 Replies 2

aaron.hackney
Level 1
Level 1

‎08-09-2018 06:01 AM

Hello Dogii,

 

Could you let us take a look at the packet-tracer detailed output?

Thanks

-A

 

 

 

0 Helpful

dogiii
Level 1
Level 1
In response to aaron.hackney

‎08-14-2018 02:32 AM

Hi Aron,

 

I made it easy on myself and drew this up. Sorry for the late response.

It is simple I am trying to communicate from 192.168.22.140 to 192.168.16.110 on the other side.

But somehow whatever I do it doesnt work. If you could take a look at the picture posted I made a diagram of what exactly I need.

 

thank you in advance,

 

Preview file
1658 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card