08-12-2023 02:08 AM - edited 08-12-2023 02:10 AM
my inside PCs is able to ping the server farm , use all the services in server farm. but the outside doesn't seem to be able to reach any services in server farm
there is an nat object configured to ensure that all internal pc gets translated . not sure whether it's this that's causing the issue
the nat translation counts only goes up if Main_Core Switch pings the ISP. other vlans IP ping to ISP will not increase the NAT translation count
i've attached the PKT file for reference
08-12-2023 04:08 AM
Hi @tyr668
About the Camboja does not ping the server farm is related to route. If you look at the router SG, it does not have route to 172.16.2.192/28. The OSPF between Router and ASA do not work well. And if you add a static route on SG router, the ping is only partial success.
You improved the topology by not connecting two switches to the firewall but the firewall is still failing.
08-12-2023 06:59 PM
but if i add ospf dynamic route, doesn't it make the NAT at (dmz, outside) and (inside, outside) irrelvant ? because one of the requirements is to use the NAT
08-12-2023 07:06 PM
my cambodia pc is still unable to reach the web server via http / https and smtp even after i've added the routes. seems to be blocked at the firewall .
08-13-2023 01:25 AM
I am not sure. I also did the test adding static route and I could ping but the ping is partial successfully
But you can add acl and test.
08-13-2023 01:28 AM
I dont rhink dynamic routing interfere on NAT. But the ospf on Firewall is not advertising the dmz network anyway and the nat from inside to outside does not work. I beleive this is a PacketTracer issue as the config seems to be correct
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide