Re: Cisco ASA 5525x DNAT configuration for icmp echo

CiscoJane · ‎11-07-2023

Hello all,

I need some helps regarding Cisco ASA 5525X DNAT for icmp echo. Our organization want to use icmp echo reply from a public ip address which translated to internal server for some reason. I have no idea how to configure DNAT for icmp at ASA.

i cannot define the following information, when i add icmp type (0), it does not work, cannot get any reply.

Thanks much for any response.

MHM Cisco World · ‎11-07-2023

there is type and code
the request is 8 0
the reply is 0 0

Thanks A Lot
MHM

CiscoJane · ‎11-12-2023

when i write DNAT rules using your provided information. it is saying this error as belows.

here is my icmp object

MHM Cisco World · ‎11-13-2023

sorry can you write the NAT you want here to apply
write it as CLI and I guide you to apply via ASDM

Thanks A Lot
MHM

CiscoJane · ‎11-13-2023

here is my scenario, pls help. thanks.

Aref Alsouqi · ‎11-13-2023

You would need something similar to this to be able to ping the internal server with its public ip and get the replies sourcing from the private ip:

nat (inside,any) source static ap-private-IP ap-public-IP

nat (inside,outside) source dynamic lan interface

or

nat (inside,inside) source static ap-private-IP ap-public-IP

nat (inside,outside) source static ap-private-IP ap-public-IP

nat (inside,outside) source dynamic lan interface