Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
4
Helpful
3
Replies

Destination NAT

kuskur.vishwanatha
Level 1
Level 1

‎09-01-2016 03:57 AM - edited ‎03-12-2019 01:13 AM

Please Help. Not able to get the answer.

 

Using GNS3 with ASA 8.4 & ASDM 7.1.

Can ping from inside to outside but cannot ping from DMZ to Outside.

Cannot ping from outside to inside or DMZ.

Router on Outside interface is just to see whether ping packets are reaching or not ( using Debug ip icmp).

Using Virtual box to access ASDM on XP. So no configuration for Gigabit Ethernet Interface 03.

Labels:
Preview file
4 KB
0 Helpful
3 Replies 3

Pawan Raut
Level 4
Level 4

‎09-01-2016 05:12 AM

Very Simple by defualt trafic from lower security-level to higher security level not permit. As per your config

Outside security level 0

inside security level is 100

dmz security level 50

You have to add below command to allow traffic from same or lower security level to higher oe same security level interafce.

 same-security-traffic permit inter-interface

Regards,

Pawan CCIE 52104

Kindly rate for useful post

kuskur.vishwanatha
Level 1
Level 1
In response to Pawan Raut

‎09-01-2016 05:33 AM

Thank you.

But CCNA security exam require  to configure these using ASDM only.

Can you tell me how to configure using ASDM.

NAT statements are in place. Referred some documents & CBT nuggets. But not able to ping.

Vishwa

0 Helpful

kuskur.vishwanatha
Level 1
Level 1
In response to kuskur.vishwanatha

‎09-01-2016 06:44 PM

When ping from PC 1 to R1 ( inside to outside ), Ping was successful with  following debug output on ASA.

ciscoasa# ICMP echo request from inside:10.1.0.2 to outside:1.2.3.4 ID=27351 seq=1 len=56
ICMP echo request translating inside:10.1.0.2 to outside:1.2.3.10
ICMP echo reply from outside:1.2.3.4 to inside:1.2.3.10 ID=27351 seq=1 len=56
ICMP echo reply untranslating outside:1.2.3.10 to inside:10.1.0.2

When Ping from PC 2 to R1 ( dmz to outside ), 1.2.3.4 icmp_seq=1 timeout observed with debug output on ASA.

ciscoasa# ICMP echo request from dmz:172.16.0.2 to outside:1.2.3.4 ID=48344 seq=1 len=56
ICMP echo request translating dmz:172.16.0.2 to outside:1.2.3.10
ICMP echo reply from outside:1.2.3.4 to inside:1.2.3.10 ID=48344 seq=1 len=56
ICMP echo reply untranslating outside:1.2.3.10 to inside:10.1.0.2

Not able to make out why the untranslation going to 10.1.0.2 instead of 172.16.0.2

Regards

Vishwa

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card