Solved: ASA5512 NAT,ACL problem

Samer R. Saleem · ‎06-15-2015

Hi all,

i have problem to ping from one host inside DMZ to its public ip and to another host on dmz public ip

the host ip on dmz is 172.16.16.100

i cant ping fro 172.16.16.100 to its public ip which is 1.1.1.100

and cant ping from it also to the 2nd host public ip which is 1.1.1.101 [ private ip is 172.16.16.101 ]

note:- the 2nd host on DMZ is able to reach its public ip and also able to reach the 1st host public ip

so my question is :- how to make 172.16.16.100 able to reach its public interface ip 1.1.1.100 and the public ip of the 2nd host in dmz which is 1.1.1.101 ??

is there something i can do regard this??

also please find drawing i've attached.

Aref Alsouqi · ‎06-15-2015

Hi Samer,

One thing I would think about that might cause this issue would be an access list entry that deny the traffic from host 172.16.16.100 towards its public ip address, please make sure there is any entry similar to that. If that is not the case, please post your sanitized configurations for review.

Regards,

Aref

View solution in original post

Aref Alsouqi · ‎06-15-2015

Hi Samer,

One thing I would think about that might cause this issue would be an access list entry that deny the traffic from host 172.16.16.100 towards its public ip address, please make sure there is any entry similar to that. If that is not the case, please post your sanitized configurations for review.

Regards,

Aref

Samer R. Saleem · ‎02-10-2016

شكرا اخ عارف

بالضبط هذه كانت المشكله

Samer R. Saleem · ‎02-10-2016

Hi,

the resolution was to enable traffic between interfaces, i used ASDM for that, now its all good.