
Dynamic NAT is not working in ASA Firewall for VLANs [Packet Tracer].

rajan31
Level 1

Topology: Capture2.PNG

 

Scenario:

  • NAT for hosts in any of the VLANs of the Layer3-Switch is not working.
  • Ping requests reach the outside server, but NAT is not working, so the ISP router can't route the request back to the ASA (because the destination IP is a private IP address).
  • NAT is working if I ping the outside server from the Layer3-Switch.

Please tell me the mistake, or whether it's some kind of bug in Packet Tracer.

 

PKT FILE: https://drive.google.com/file/d/1qbVw9XsCtTbjeGmY5OpxK1552CULkq-C/view?usp=sharing 

 

I have provided the configuration, in case you don't want to download the file.


 

ASA Configuration:

interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Vlan1
 no nameif
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 shutdown
!
interface Vlan2
 nameif inside
 security-level 100
 ip address 172.16.0.2 255.255.0.0
!
interface Vlan3
 nameif outside
 security-level 0
 ip address 51.1.1.1 255.0.0.0
!
object network LAN
 subnet 172.16.0.0 255.255.255.0
object network VLAN10
 subnet 192.168.10.0 255.255.255.0
object network VLAN20
 subnet 192.168.20.0 255.255.255.0
object network VLAN30
 subnet 192.168.30.0 255.255.255.0
object network VLAN40
 subnet 192.168.40.0 255.255.255.0
object network VLAN50
 subnet 192.168.50.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 51.1.1.2 1
route inside 192.168.0.0 255.255.0.0 172.16.0.1 1
!
access-list internet-to-local extended permit tcp any any
access-list internet-to-local extended permit icmp any any
!
!
access-group local-to-internet in interface outside
object network LAN
 nat (inside,outside) dynamic interface
object network VLAN10
 nat (inside,outside) dynamic interface
object network VLAN20
 nat (inside,outside) dynamic interface
object network VLAN30
 nat (inside,outside) dynamic interface
object network VLAN40
 nat (inside,outside) dynamic interface
object network VLAN50
 nat (inside,outside) dynamic interface

Layer3-Switch Configuration:

ip routing
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/1
 no switchport
 ip address 172.16.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/6
 switchport access vlan 30
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/7
 switchport access vlan 40
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/8
 switchport access vlan 50
 switchport mode access
 switchport nonegotiate
!
interface Vlan1
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan10
 mac-address 0001.426c.9901
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan20
 mac-address 0001.426c.9902
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan30
 mac-address 0001.426c.9903
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan40
 mac-address 0001.426c.9904
 ip address 192.168.40.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan50
 mac-address 0001.426c.9905
 ip address 192.168.50.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.2 
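
A consistency check over the ASA lines posted above, as an added example that is not part of the original post: it reports which object NAT rule a given source address would match and flags any access-group that names an access-list the configuration never defines. The host addresses 192.168.10.5 and 172.16.5.1 and all function names are assumptions; the check reads the configuration text only and does not model Packet Tracer's behaviour.

```python
import ipaddress
import re

# Excerpt of the ASA configuration posted above (VLAN20-50 objects omitted for brevity).
ASA_CONFIG = """\
object network LAN
 subnet 172.16.0.0 255.255.255.0
object network VLAN10
 subnet 192.168.10.0 255.255.255.0
access-list internet-to-local extended permit tcp any any
access-list internet-to-local extended permit icmp any any
access-group local-to-internet in interface outside
object network LAN
 nat (inside,outside) dynamic interface
object network VLAN10
 nat (inside,outside) dynamic interface
"""

def parse_asa(text):
    """Return object subnets, object NAT rules, defined ACL names and access-group bindings."""
    subnets, nats, acls, bound, current = {}, {}, set(), [], None
    for line in text.splitlines():
        if m := re.match(r"object network (\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(r"\s+subnet (\S+) (\S+)", line)):
            subnets[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"\s+nat \((\w+),(\w+)\) dynamic (\S+)", line)):
            nats[current] = m.groups()  # (real interface, mapped interface, mapped address)
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
            current = None
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bound.append(m.groups())
            current = None
    return subnets, nats, acls, bound

def nat_objects_for(src_ip, subnets, nats):
    """Names of objects whose subnet contains src_ip and that carry a nat statement."""
    ip = ipaddress.ip_address(src_ip)
    return [name for name, net in subnets.items() if name in nats and ip in net]

def undefined_access_groups(acls, bound):
    """access-group bindings that name an access-list with no matching definition."""
    return [(acl, ifc) for acl, ifc in bound if acl not in acls]

SUBNETS, NATS, ACLS, BOUND = parse_asa(ASA_CONFIG)

if __name__ == "__main__":
    # 172.16.0.1 is the Layer3-Switch address from the post; the other two are constructed.
    for src in ("192.168.10.5", "172.16.0.1", "172.16.5.1"):
        print(src, "->", nat_objects_for(src, SUBNETS, NATS) or "no object NAT match")
    print("unresolved access-group:", undefined_access_groups(ACLS, BOUND))
```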

 
