04-26-2020 04:37 PM - edited 05-07-2020 12:05 PM
I have been using ASDM for some time to configure ASA's and now working to have a better understanding of configuring using the CLI. I am using PT 7.3 to build a mock enterprise network and have run into a wall with configuring the ASA in the network. I'll provide image and config at the end of the post.
Here is the scenario:
I send an ICMP from SAP2 to Server3 and receive "request timed out"
I send an ICMP from YES-3560-1 to Server3 and receive "request timed out"
I send an ICMP from YES-2911-1 to Server3 and receive replies.
I send an ICMP from YES-ASA-1 to Server3 and receive replies.
I just can't seem to find where I went wrong.
Thank you in advance!
05-07-2020 12:18 AM
Hi,
The current configuration on ASA seems that it will allow pings from inside to internet, but not the vice versa, as the traffic should come on some translated IP address.
You should also check this NAT statement.
object network obj_208.165.200.0_outside
nat (inside,outside) dynamic interface
I am not sure, what is this for, as you already have another NAT statement which is correct and will be used for inside users when they will try to go to internet.
-
Pulkit
05-07-2020 12:14 PM
Corrected that a while ago, guess I uploaded the wrong config file. I have added the right one.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide