ASA5505 8.4 in Packet Tracer - Not translating outward bound inside addresses

dyates197 · ‎04-26-2020

I have been using ASDM for some time to configure ASA's and now working to have a better understanding of configuring using the CLI. I am using PT 7.3 to build a mock enterprise network and have run into a wall with configuring the ASA in the network. I'll provide image and config at the end of the post.

Here is the scenario:

I send an ICMP from SAP2 to Server3 and receive "request timed out"

I send an ICMP from YES-3560-1 to Server3 and receive "request timed out"

I send an ICMP from YES-2911-1 to Server3 and receive replies.

I send an ICMP from YES-ASA-1 to Server3 and receive replies.

I just can't seem to find where I went wrong.

Thank you in advance!

Pulkit Saxena · ‎05-07-2020

Hi,

The current configuration on ASA seems that it will allow pings from inside to internet, but not the vice versa, as the traffic should come on some translated IP address.

You should also check this NAT statement.

object network obj_208.165.200.0_outside
 nat (inside,outside) dynamic interface

I am not sure, what is this for, as you already have another NAT statement which is correct and will be used for inside users when they will try to go to internet.

-

Pulkit

dyates197 · ‎05-07-2020

Corrected that a while ago, guess I uploaded the wrong config file. I have added the right one.