cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

773
Views
0
Helpful
5
Replies
Highlighted
Beginner

877W and ASA 5505 NAT issue

I have a Cisco 877W router which has no issues and working fine. However, I'd like to introduce my ASA5505 as the firewall in between LAN (192.168.0.0/24) and Router private range (10.1.1.0/24).

My setup: internet <- -> outside int (Dialer1) 122.x.x.x (Cisco 877W) <- -> inside 10.1.1.1 (FE0/0) <- -> outside int 10.1.1.2 (E0/0) (ASA5505) -> inside int 192.168.0.1 -> LAN

877W Ethernet0 -> ASA5505 Ethernet0 and is the only cable connected from 877 to ASA.

ASA 5505 Ethernet0/1-6 is used for wired devices on my LAN.

ASA 5505 Ethernet0/7 I'll reserve for DMZ server later.

From PC on LAN, I can ping 192.168.0.1 but, cannot access 10.1.1.1 or 10.1.1.2.

On the ASDM 192.168.0.1 using ping tool, I can ping 10.1.1.1 and 10.1.1.2.

When I run packet tracer, it fails under NAT check.

I'm unable to get to the internet and I think it's the NAT part of ASA that's letting me down.

If anyone has any hints, it would be gladly appreciated.

I've attached my config's for 877W and ASA5505.

PS. The setup is *similar* to http://mcse-ccnp.blogspot.com/2009/05/cisco-asa-for-internet-access-sample.html

thanks,

Luke

5 REPLIES 5
Highlighted
Cisco Employee

Hi Luke,

So the issue is that you're not able to ping 10.1.1.1 from the PC on the inside LAN, correct? Please confiure th following and let me know if it resolves the issue:

1. Configure "inspect icmp" for the ping replies to get back.

policy-map global_policy

class inspection_default

  inspect icmp

2. Add a static route to the outside next hop:

route outside 0.0.0.0 0.0.0.0 10.1.1.1 1

Let me know.

Regards,

Anu

Highlighted

Thanks, I'll give that a try.

I also cannot reach the internet.

The ASDM packet inspect tool ,says that there is a NAT problem.

Highlighted
Beginner

Inspect icmp. Was the trick but cannot route Internet to LAN

Can ping 8.8.8.8 from router and can get to Internet but LAN inside asa cannot. still think it's NAT issue.

Sent from Cisco Technical Support iPhone App

Highlighted

Internet now works I had route inside instead of the below correct line.

route outside 0.0.0.0 0.0.0.0 10.1.1.1 1

Thnks for your help.

Sent from Cisco Technical Support iPhone App

Highlighted

Hi Luke,

Sorry i missed your posts. Anyhow, i'm glad it works now!

Please mark this post as answered. Do rate the post if it was helpful!

Regards,

Anu

Content for Community-Ad