Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
3
Replies

ASA5505 NAT a Server from an Interface to Inside-LAN

Daniel Groth
Level 1
Level 1

‎05-31-2016 10:22 AM - edited ‎03-12-2019 12:49 AM

Dear All,

Maybe I am just doing a simple routing-Problem but I can not resolve my Problem. Please help.

Thats the environment:

Cisco ASA5505 Sec+ 9.2(4) with 4 zones:inside (Sec:100), guest (Sec:99), tva (Sec:10), outside (Sec:0)

In the past, this firewall was just used to setup a guestlan (guest) with access to the Internet (outside). Thats ok.

Then we added the Interface (tva) as a detcated Network for our PBX to Access the Management from the guestlan. That runs ok.

Now we added the interface (inside), to connect the existing Network from the customer with the IP-address of the pbx.

The inside-lan is 10.1.86.0/24, the tva-lan is 192.168.10.0/24 and the ip of the pbx is 192.168.10.99.

Now I try to NAT the 192.168.10.99 from interface (tva) to 10.1.86.15 at the interface (inside) to get Access to http and https -> does not work.

I tried to set it up with Dynamic PAT in interface inside and translate the port 80 and 443 and of course an dynamic and static address Translation. It does not matter, it does not work in real life, but all the time with the packettracer.

*** Maybe the problem is beacause of the default-route in the inside and tvy Zone does not point to the ASA?

Any idea is welcome, Daniel

 

Labels:
0 Helpful
3 Replies 3

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-31-2016 10:32 AM

Hi Daniel,

Could you share the sanitized outputs for the NAT config and also post the packet tracer results ?

When you say its not working in the real time what syslogs do you see on the ASA ?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful

Daniel Groth
Level 1
Level 1
In response to Aditya Ganjoo

‎05-31-2016 12:06 PM

****************
nat (guest,outside) source dynamic guest interface
nat (guest,tva) source dynamic guest interface destination static tva tva
nat (inside,tva) source dynamic inside interface destination static tva tva
object network pbx
 nat (tva,inside) static pbx-inside no-proxy-arp
**************

attached the syslog entries if I make a TCP ping, and the packettracer

Preview file
35 KB
Preview file
33 KB
0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to Daniel Groth

‎05-31-2016 12:21 PM

Hi Daniel,

The Syslogs show SYN timeout.

Are we sure that the requests are reaching the server and it is replying back ?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card