Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
899
Views
0
Helpful
5
Replies

Asa Nat Problem

Ahmed Chowdhury
Level 1
Level 1

‎05-03-2011 01:21 AM - edited ‎03-11-2019 01:28 PM

hi

i m configuring Asa 5510 with nat. i have some internal servers. my clients requirement is to hide the original loacl ip of servers. thats why i using static nat. so the outside world only know the real ip(x.x.x.x), then it is natted into a server ip(y.y.y.y). my problem is that i cant ping the server ip (y.y.y.y) from my local lan(z.z.z.z). the acl is now permit any any. but i dont know whats the problem. if anyone have any suggestions then pls let me know. thank u.

Labels:
0 Helpful
5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-03-2011 03:02 AM

Apology, but your explaination contradict a little.

You mean that the outside world will only see the NATed IP instead of the real IP, and you are trying to ping the NATed IP from your local LAN.

If that is what you mean, you won't be able to ping the NATed IP from the local LAN as it should be ARPing on the outside interface instead of your local LAN interface.

You will be able to ping the real IP from the local LAN, and ping the NATed IP from the Internet.

0 Helpful

Ahmed Chowdhury
Level 1
Level 1
In response to Jennifer Halim

‎05-03-2011 03:23 AM

sorry jennifer,

my Public ip is 203.112.x.x. and my server ip is 192.168.254.12. outside world will know only 203.112.x.x but my actual server is in 192.168.254.12 ip. i m using static nat on ASA. my 5510 asa is connected to a 4503 switch.from asa 5510 i can ping 192.168.254.12 but from  4503 switch i cant ping to 192.168.254.12. i can also ping the 203.112.x.x. from 4503 switch. pls  help me out..thanks in advancee...

Internet ---> Router_Gw ---> 4503_SW-----> asa 5510------> server(192.168.254.12)

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Ahmed Chowdhury

‎05-03-2011 04:56 AM

You won't be able to ping 192.168.254.12 from the switch because the switch is connected to the outside of the ASA.
Just like the internet, from the switch you can only ping the 203.112.x.x address. Because you are NATing that address on the ASA, therefore you can't access the 192.168.254.12 ip address from the switch.

That is the correct behaviour.

0 Helpful

Ahmed Chowdhury
Level 1
Level 1
In response to Jennifer Halim

‎05-03-2011 09:05 PM

Thank u very much jennifer. so in that case if i want to establish a ftp connection to my server 192.168.254.12 from internet or locally then i have to ftp to 203.112.x.x. ip rite. ok i will try and let u know.thank u....

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Ahmed Chowdhury

‎05-03-2011 09:08 PM

Absolutely correct. Let us know how it goes..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card