(NAT configuration) Transparent mode

bhalbautista
Level 1

Hi Guys,

I'm having a problem with the translation of my private networks to the outside and I'm a little bit confused about where I should put the NAT. Btw, here's the scenario. I have a Cisco 1841 router running DHCP services, then I have one Cisco 2901 which is the WAN side, and in between these I put an ASA Firewall in transparent mode. Anyhow, please see my configuration below. Hope someone could help me on this. Thanks

Cisco 1841

ip dhcp pool 1.1.1.0/24
 network 1.1.1.0 255.255.255.0
 default-router 1.1.1.254
ip dhcp excluded-address 1.1.1.254
Interface fa0/0
 description ##Facing_WAN##
 ip address 2.2.2.1 255.255.255.240
 duplex auto
 speed auto
Interface f0/1
 description ##LAN##
 ip address 1.1.1.254 255.255.255.0
 duplex auto
 speed auto
ip route 0.0.0.0 0.0.0.0 2.2.2.3

ASA 5515-X Firewall

firewall transparent
Interface gi0/0
 nameif Outside
 bridge-group 1
 security-level 0
Interface gi0/1
 nameif Inside
 bridge-group 1
 security-level 100
Interface BVI1
 ip address 2.2.2.2 255.255.255.240

(access-list was also configured both inside and outside) (permit any any)

Cisco 2901

Interface g0/0
 ip address 3.3.3.3 255.255.255.252
 duplex auto
 speed auto
Interface g0/1
 ip address 2.2.2.3 255.255.255.240
 duplex auto
 speed auto
ip route 0.0.0.0 0.0.0.0 3.3.3.3

(In this case I was able to reach 2.2.2.0/28 with the source of fa0/1 (default gateway).) So, now I need to know where I should put the NAT, and should I also put an ip route on the transparent-mode firewall? Please help, thanks! Let me know if I missed some configuration here; I highly appreciate your response.


11 Replies

Julio Carvajal
VIP Alumni

Hi baltazar,

Check the route on the 2901

Interface g0/0
 ip address 3.3.3.3 255.255.255.252
ip route 0.0.0.0 0.0.0.0 3.3.3.3

Why is it pointing to itself?

On the ASA add

route outside 0 0 2.2.2.3

I would do the NAT on the Outside router, but that's all up to you.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Jc,

Sorry, it was actually routed to 0.0.0.0 0.0.0.0 3.3.3.4; this is an example of a connection going to the ISP. I'll try your suggestion, thanks JC!

Hey my pleasure,

If you do not have any other questions, please mark it as answered, Baltazar.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi JC,

I already put the route on the ASA and configured NAT on the outside router. It seems that the translation was not being performed. Is there any configuration I should add on the ASA or on the router instead? Thanks!

Hello,

Can you share the entire configuration of the devices to double check if everything is as it should be?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi JC,

Here's the configuration below.

Router 2600

Building configuration...

Current configuration : 1669 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.20.254
ip dhcp excluded-address 10.10.20.253
!
ip dhcp pool 10.10.20.0/24
   network 10.10.20.0 255.255.255.0
   default-router 10.10.20.254
   dns-server 8.8.8.8 4.2.2.2
!
!
ip name-server 8.8.8.8
ip name-server 4.2.2.2
!
interface FastEthernet0/0
 description ##FACING-WAN##
 ip address 202.120.1.2 255.255.255.240
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ##LAN-WORSTATION##
 ip address 10.10.20.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.120.1.1
!
no ip http server
ip nat pool TEST 202.120.1.9 202.120.1.10 netmask 255.255.255.240
ip nat source list 7 pool TEST
!
access-list 7 remark Pool
access-list 7 permit 10.10.20.0 0.0.0.255
access-list 100 permit tcp 10.10.20.0 0.0.0.255 any eq telnet
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 100 in
 login local
 transport input telnet
!
!
end

ASA FIREWALL 8.6

sh run
: Saved
:
ASA Version 8.6(1)2
!
firewall transparent
names
!
interface GigabitEthernet0/0
 nameif Outside
 bridge-group 1
 security-level 0
!
interface GigabitEthernet0/1
 nameif Inside
 bridge-group 1
 security-level 100
!
interface GigabitEthernet0/2
 nameif Inside2
 bridge-group 1
 security-level 100
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
!
interface Management0/0
 nameif Management
 security-level 0
 management-only
!
interface BVI1
 ip address 202.120.1.3 255.255.255.240
!
ftp mode passive
dns domain-lookup Outside
dns domain-lookup Inside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 4.2.2.2
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
access-list Outside_access_in extended permit ip any any log disable
access-list Outside_access_in extended permit icmp any any log disable
access-list Inside_access_in extended permit ip any any log disable
access-list Inside_access_in extended permit icmp any any log disable
pager lines 24
mtu Outside 1500
mtu Inside 1500
mtu Management 1500
mtu Inside2 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
http 0.0.0.0 0.0.0.0 Inside2
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:80858c29d4cb42ba7aa174d09b7191dd
: end

Hello Baltazar,

On which port is the ASA connected to that router?

I need the port numbers of both the router and the ASA.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi JC,

From router to ASA:

Fa0/0 to Gig0/1 (Inside ASA)

From ASA to WAN:

(Outside) G0/0 to G0/1 (WAN)

add the following on the asa

route outside 0.0.0.0 0.0.0.0 202.120.1.1

on the router

no ip nat source list 7 pool TEST

ip nat inside source list 7 pool TEST

then let me know

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
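An added example, not part of this thread or of any Cisco tool: a small Python audit that flags the defect fixed in the answer above (a dynamic NAT statement with no inside/outside keyword, which IOS treats as the domainless NVI form that needs "ip nat enable" on the interfaces rather than "ip nat inside"/"ip nat outside"), plus checks that the referenced pool and access-list exist. SAMPLE_CONFIG is a constructed excerpt modelled on the 2600 config posted earlier in the thread.

```python
import re

# Constructed excerpt modelled on the posted 2600 config, including the
# NAT statement that lacked the "inside" keyword.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 202.120.1.2 255.255.255.240
 ip nat outside
!
interface FastEthernet0/1
 ip address 10.10.20.254 255.255.255.0
 ip nat inside
!
ip nat pool TEST 202.120.1.9 202.120.1.10 netmask 255.255.255.240
ip nat source list 7 pool TEST
access-list 7 permit 10.10.20.0 0.0.0.255
"""

NAT_RULE = re.compile(r"ip nat (inside |outside )?source list (\S+) pool (\S+)")


def audit_ios_nat(config):
    """Return a list of findings for dynamic NAT statements in an IOS config."""
    findings = []
    lines = [line.rstrip() for line in config.splitlines()]
    stripped = {line.strip() for line in lines}
    domain_ifaces = "ip nat inside" in stripped and "ip nat outside" in stripped
    nvi_ifaces = "ip nat enable" in stripped
    pools = {m.group(1) for line in lines for m in [re.match(r"ip nat pool (\S+)", line)] if m}
    acls = {m.group(1) for line in lines for m in [re.match(r"access-list (\S+) permit", line)] if m}
    for line in lines:
        m = NAT_RULE.match(line)
        if not m:
            continue
        direction, acl, pool = m.groups()
        # Domainless "ip nat source" only works with "ip nat enable" (NVI) interfaces;
        # with inside/outside-marked interfaces the rule must say "ip nat inside source".
        if direction is None and not nvi_ifaces:
            findings.append(f"'{line}': no inside/outside keyword and no 'ip nat enable' "
                            "interfaces; use 'ip nat inside source list ...'")
        if direction is not None and not domain_ifaces:
            findings.append(f"'{line}': needs one 'ip nat inside' and one 'ip nat outside' interface")
        if acl not in acls:
            findings.append(f"'{line}': access-list {acl} has no permit entry")
        if pool not in pools:
            findings.append(f"'{line}': pool {pool} is not defined")
    return findings
```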

Hi JC,

I was able to do the translation. Thank you so much for your help. I just forgot to input the "ip nat inside source" instead.

Hello,

Yeah,

My pleasure to help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC