.. I am currently upgrading Cisco ASA's from 5505 to a 5508-x. Network looks like this::
Lines = Path
xxxx = Cisco ASA 5508-x
Cisco ASA Gateway = 126.96.36.199
Cisco ASA Outside Interface = 188.8.131.52
Cisco ASA Inside Interface = 172.20.0.2
Laptop = 172.20.1.5
I can ping 184.108.40.206 from Cisco ASA
I can ping inside interface from laptop
I cannot ping 220.127.116.11 from laptop
I believe it's a NAT issue (could be wrong) but I'm not sure how to enter the NAT statement on the Cisco ASA.
Any suggestions would be appreciated. Also, if its not a NAT issue please lead me in the correct direction please
Solved! Go to Solution.
Please share your current NAT configuration ("show run nat").
We would normally expect an after-auto dynamic interface NAT rule for traffic from inside to outside. Something like:
nat (inside,outside) dynamic interface
So that tells us you have no NAT rules. In other words, traffic from your private IP space (172.20.x.x) will appear to any external addresses unchanged. Since the extrnal address you gave is a public IP, it won't normally know how to send the return traffic to a private network.
If you put in the interface NAT statement like I mentioned earlier, that traffic from your internal hosts will take on the public (outside) IP address of the ASA as it egresses and thus upstream hosts will know where to send the return traffic.
This may be a "dummy" mistake but when I enter:
nat (inside,outside) dynamic Interface I am getting the error invalid input
arrow points at the word dynamic also...