I have the following configured on my ASA, I've only put in what's relevant. There's not really much else on it anyways.
At the moment I believe all traffic is being NAT'd on the 192.168.127.x and 192.168.128.x /24 networks when going outside.
However, I want to allow the subnets above in bold to access the inside network of 172.27.100.0 /22 (off of Gi0/1), and basically not have the ASA try to NAT this.
What do I need to add?
no ip address
ip address 192.168.127.1 255.255.255.0
ip address 192.168.128.1 255.255.255.0
ip address 172.27.100.160 255.255.252.0
ip address Public IP 255.255.255.0
ip address 10.44.240.190 255.255.255.0
dns domain-lookup inside
dns server-group DefaultDNS
 domain-name Test.com
same-security-traffic permit inter-interface
object-group network DynamicNatInside
 network-object 192.168.127.0 255.255.255.0
 network-object 192.168.128.0 255.255.255.0
access-list Inside_To_Out extended permit ip object-group DynamicNatInside any
pager lines 24
logging asdm informational
mtu Vlan127 1500
mtu Vlan128 1500
mtu inside 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (any,outside) after-auto source dynamic DynamicNatInside interface
access-group Inside_To_Out out interface outside
route outside 0.0.0.0 0.0.0.0 “PUBLIC IP”
route inside 172.16.0.0 255.240.0.0 172.27.100.10
Try configuring the following command and then check whether it works or not:
fixup protocol icmp
Hope this would help
- Prateek Verma
Already suggested checking the "inspect" configurations under the "policy-map" configurations.
My mistake, I didn't notice that.