01-25-2018 02:43 AM - edited 02-21-2020 07:12 AM
Hi,
I have a Cisco ASA 5550 on which I have configured Gi0/0 as 10.51.20.5 mask 255.255.255.0.
I am accessing it from 172.16.20.0/24 subnet.
I have NATed 10.51.20.5 to 172.16.20.5 IP. If I keep my system in 10.51.20.0/24 subnet, I am able to access ASDM.
Now when I ping 172.16.20.5, it's pinging. But I am not able to access ASDM on this NATed IP.
Can someone please help as to what I might be missing in the configuration on the ASA?
I also configured the below 2 commands on the ASA:
http 10.51.20.0 255.255.255.0 INTERNAL
http 172.16.20.0 255.255.255.0 INTERNAL
01-25-2018 03:11 AM - edited 01-25-2018 03:16 AM
Hello,
Could you please share the config of the ASA and the layer 3 device on which NATing is done?
HTH
AJ
01-25-2018 04:36 AM
Hi Ajay,
I have attached my network diagram.
So I am trying to access ASDM on the Red Firewall. When I ping the 172.16.20.5 IP, it gets NATed to 10.51.20.5 on the Blue Firewall and then reaches the Red Firewall. As I said, ping is working, so there is no issue in NAT or route. I am not sure why ASDM is not opening. Now if I connect my system to the Yellow switch and keep my system's IP as 10.51.20.x, it is able to access ASDM.
Kindly help.
01-27-2018 10:43 PM
Thanks for the diagram. Let's take captures on the red firewall G0/0 interface to see if the packet is reaching the firewall.
capture capin interface <interface_name> match tcp any any eq 443
Ref Doc:
It will help us to see if you have the traffic reaching the firewall and if reply is being sent. It must be one of those simple things I believe.
-
HTH
AJ
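Added example, not posted by anyone in this thread: a small Python helper that reads the text printed by `show capture capin` and reports whether a TCP SYN to port 443 reached the ASA interface and whether a SYN-ACK went back, which is the check the capture above is meant to answer. The sample lines are constructed (the client address 172.16.20.50, ports and sequence numbers are assumptions), and the function name `summarize` is hypothetical.

```python
import re

# One packet line as printed by "show capture": number, time, src.port > dst.port: flags ...
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+(?:\.\d+){3})\.(\d+)\s+>\s+"
    r"(\d+(?:\.\d+){3})\.(\d+):\s+(\S+)(.*)$"
)

# Constructed sample: addresses follow the thread; the client host, ports and
# sequence numbers are made up. Three retransmitted SYNs, nothing sent back.
SAMPLE = """\
   1: 10:43:01.120331       172.16.20.50.51514 > 10.51.20.5.443: S 311042:311042(0) win 8192 <mss 1460>
   2: 10:43:04.121017       172.16.20.50.51514 > 10.51.20.5.443: S 311042:311042(0) win 8192 <mss 1460>
   3: 10:43:10.122950       172.16.20.50.51514 > 10.51.20.5.443: S 311042:311042(0) win 8192 <mss 1460>
"""


def summarize(capture_text, asa_ip, port=443):
    """Report which clients sent a SYN to asa_ip:port and which got a SYN-ACK."""
    syn_sources, answered = set(), set()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header lines, "N packets captured", etc.
        src, sport, dst, dport, flags, rest = m.groups()
        if "S" not in flags:
            continue  # only the handshake matters here
        has_ack = " ack " in rest
        if dst == asa_ip and int(dport) == port and not has_ack:
            syn_sources.add(src)       # client SYN reached the interface
        elif src == asa_ip and int(sport) == port and has_ack:
            answered.add(dst)          # ASA replied with SYN-ACK
    unanswered = sorted(syn_sources - answered)
    if not syn_sources:
        verdict = "no SYN reached the interface"
    elif unanswered:
        verdict = "SYN arrived, no SYN-ACK sent"
    else:
        verdict = "SYN answered with SYN-ACK"
    return {"verdict": verdict, "sources": sorted(syn_sources),
            "unanswered": unanswered}


if __name__ == "__main__":
    print(summarize(SAMPLE, "10.51.20.5"))
```

The `sources` list shows the client address as the ASA sees it on the wire, which is the address the `http` permit lines are matched against.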