cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


260
Views
0
Helpful
7
Replies
Highlighted
Beginner

Ping "Route Outside" gateway from laptop

.. I am currently upgrading Cisco ASA's from 5505 to a 5508-x. Network looks like this::

Lines = Path

xxxx = Cisco ASA 5508-x

64.98.145.173 (Example)---------------------xxxx--------------------------------(172.20.1.5)Laptop

Cisco ASA Gateway = 64.98.145.173

Cisco ASA Outside Interface = 64.98.145.174

Cisco ASA Inside Interface = 172.20.0.2

Laptop = 172.20.1.5

I can ping 64.98.145.173 from Cisco ASA

I can ping inside interface from laptop

I cannot ping 64.98.145.173 from laptop

I believe it's a NAT issue (could be wrong) but I'm not sure how to enter the NAT statement on the Cisco ASA.

Any suggestions would be appreciated. Also, if its not a NAT issue please lead me in the correct direction please

Thank You

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Guru

Sorry - my syntax was a bit

Sorry - my syntax was a bit off. Was working from iPad when I replied.

Try:

nat (inside,outside) after-auto source dynamic any interface

View solution in original post

7 REPLIES 7
Hall of Fame Guru

Please share your current NAT

Please share your current NAT configuration ("show run nat"). 

We would normally expect an after-auto dynamic interface NAT rule for traffic from inside to outside. Something like:

nat (inside,outside) dynamic interface

Beginner

Show run nat >> Gave no

Show run nat >> Gave no output, completely emptyp. Just went down to the next line without any output

Hall of Fame Guru

So that tells us you have no

So that tells us you have no NAT rules. In other words, traffic from your private IP space (172.20.x.x) will appear to any external addresses unchanged. Since the extrnal address you gave is a public IP, it won't normally know how to send the return traffic to a private network.

If you put in the interface NAT statement like I mentioned earlier, that traffic from your internal hosts will take on the public (outside) IP address of the ASA as it egresses and thus upstream hosts will know where to send the return traffic.

Beginner

This may be a "dummy" mistake

This may be a "dummy" mistake but when I enter:

nat (inside,outside) dynamic Interface I am getting the error invalid input

arrow points at the word dynamic also...

Thanks

Hall of Fame Guru

Sorry - my syntax was a bit

Sorry - my syntax was a bit off. Was working from iPad when I replied.

Try:

nat (inside,outside) after-auto source dynamic any interface

View solution in original post

Beginner

That did it.. Thank You

That did it.. Thank You

Hall of Fame Guru

You're welcome. Thanks for

You're welcome. Thanks for the rating.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here