Beginner

NAT Issue

Hi Friends

Please guide me if my configuration is ok. I am not able to ping the public ip through the ASA, resulting in failure to login to the sip server.

I need to nat the inside network to outside.

Nat required between
88.55.164.10 to 101.164.50.50
88.55.164.11 to 101.164.50.25

Please note the version of ASA below:
Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(6)

I have configured as below

access-list 200 extended permit tcp any host 88.55.164.10
access-list 200 extended permit tcp any host 88.55.164.11
access-group 200 in interface outside

object network obj_sip-101.164.50.50
host 101.164.50.50
object network obj_sip_1-101.164.50.25
host 101.164.50.25

object network obj_sip-101.164.50.50
nat (inside,outside) static 88.55.164.10
object network obj_sip_1-101.164.50.25
nat (inside,outside) static 88.55.164.11
 

 

Regards,

Ahmed

 

Beginner

Folks, please help me in sorting this out as I need to settle this down today

VIP Advocate

When you are saying that you cannot ping the public IP through the ASA, which IP are you trying to ping?

Are you able to ping the internet from any of those two servers (50.50 and 50.25)?

Could you issue the following packet tracer on the ASA:

packet-tracer input inside tcp 101.164.50.25 12345 4.2.2.2 5060 detail

packet-tracer input inside tcp 101.164.50.50 12345 4.2.2.2 5060 detail

Could you please post the full ASA configuration (sanitised)? I feel it is easier to troubleshoot when seeing the whole picture.

--

Please remember to select a correct answer and rate helpful posts

Beginner

Hi Marius,

Please check the ASA config attached.

Also check the topology attached. I am trying to achieve the nat mentioned in the topology.

I am not able to launch the application if the user is connected from outside.

Regards,

Ahmed

 

VIP Advocate

At first glance you do not have any ACLs applied that allow access from the outside in.  You would need to add the following commands:

no access-list outside_access_in extended permit ip host 88.55.164.10 any

no access-list outside_access_in extended permit ip any host 88.55.164.10

access-list outside_access_in extended permit ip any host 101.164.50.25

access-list outside_access_in extended permit ip any host 101.164.50.50

access-group outside_access_in in interface outside

Keep in mind that you will now be allowing all traffic in to those hosts.  If possible it would be best to identify the exact ports that you need to have opened and only open for those ports.

Add these commands and then test.

--

Please remember to select a correct answer and rate helpful posts
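An added example, not part of any post in this thread: a small Python check that flags inbound ACL entries written against the mapped (public) address of a static object NAT. It assumes ASA 8.3 or later, where interface ACLs are matched against the real (untranslated) address, which is why the entries in the question never matched. The function names are hypothetical, and the sample input is the configuration from the question.

```python
import re

# Constructed sample: the configuration posted in the question (ASA 8.4).
QUESTION_CONFIG = """\
access-list 200 extended permit tcp any host 88.55.164.10
access-list 200 extended permit tcp any host 88.55.164.11
access-group 200 in interface outside
object network obj_sip-101.164.50.50
 host 101.164.50.50
object network obj_sip_1-101.164.50.25
 host 101.164.50.25
object network obj_sip-101.164.50.50
 nat (inside,outside) static 88.55.164.10
object network obj_sip_1-101.164.50.25
 nat (inside,outside) static 88.55.164.11
"""

def static_nat_map(config):
    """Return {mapped_ip: real_ip} for every static object NAT rule."""
    hosts, mapped, current = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"object network (\S+)$", line):
            current = m.group(1)
        elif (m := re.match(r"host (\S+)$", line)) and current:
            hosts[current] = m.group(1)
        elif (m := re.match(r"nat \(\S+,\S+\) static (\d+(?:\.\d+){3})", line)) and current:
            mapped[current] = m.group(1)
    return {mapped[obj]: hosts[obj] for obj in mapped if obj in hosts}

def audit_outside_acl(config, interface="outside"):
    """List (acl_entry, real_ip) for inbound entries that name a mapped address."""
    nat = static_nat_map(config)
    bound = set(re.findall(
        rf"^access-group (\S+) in interface {re.escape(interface)}\s*$", config, re.M))
    findings = []
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) extended permit \S+ .*host (\S+)\s*$",
                     line.strip())
        if m and m.group(1) in bound and m.group(2) in nat:
            findings.append((line.strip(), nat[m.group(2)]))
    return findings

if __name__ == "__main__":
    for entry, real_ip in audit_outside_acl(QUESTION_CONFIG):
        print(f"{entry}\n  -> destination should be the real address {real_ip}")
```

An empty result means no inbound entry on that interface targets a mapped address; it does not check whether the permitted protocol and ports are as narrow as they should be.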

Beginner

bingo, thank you so much. resolved

VIP Advocate

Thank you for the rating ☺