11-07-2023 12:29 AM
Hello all,
I need some helps regarding Cisco ASA 5525X DNAT for icmp echo. Our organization want to use icmp echo reply from a public ip address which translated to internal server for some reason. I have no idea how to configure DNAT for icmp at ASA.
i cannot define the following information, when i add icmp type (0), it does not work, cannot get any reply.
Thanks much for any response.
11-07-2023 12:45 AM
there is type and code
the request is 8 0
the reply is 0 0
Thanks A Lot
MHM
11-12-2023 08:59 PM
when i write DNAT rules using your provided information. it is saying this error as belows.
here is my icmp object
11-13-2023 12:44 AM
sorry can you write the NAT you want here to apply
write it as CLI and I guide you to apply via ASDM
Thanks A Lot
MHM
11-13-2023 08:16 PM
here is my scenario, pls help. thanks.
11-13-2023 01:38 AM
You would need something similar to this to be able to ping the internal server with its public ip and get the replies sourcing from the private ip:
nat (inside,any) source static ap-private-IP ap-public-IP
nat (inside,outside) source dynamic lan interface
or
nat (inside,inside) source static ap-private-IP ap-public-IP
nat (inside,outside) source static ap-private-IP ap-public-IP
nat (inside,outside) source dynamic lan interface
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide