02-07-2011 07:15 AM - edited 03-11-2019 12:45 PM
Hello everyone,
I have attahched an ASA configuration, along with 2 routers attached to this asa , one called inside and other outside.
I have configured 2 sub interfaces on the inside router with 10.10.15.3 and 10.10.10.3, with default route 0.0.0.0 0.0.0.0 10.10.15.1 to send traffic to asa
I am going to pat the 10.10.15.0 subnet on port address translation and dynamic nat 10.10.10.0 subnet on the address pool of 66.128.95.146 255.255.255.248
I can't get these both together up and running , I can ping address 66.128.95.145 but not 66.128.95.241, I am really disappointed, everythig looks ok , but just doesn't work.
Can someone please look at this and let me know what is my problem?
Best Regard,
-Rouzbeh
02-07-2011 08:26 AM
your configuration looks fine. Can you tell me if you can do the following test:
Ping from the ASA the IP that is not working for you (66.128.95.241)?
If that doesn't work then the issue is not your ASA.
NAT is configured fine, ACLs are allowing the traffic. The next hops are directly connected.
You should check the logs on the ASA and if possible test with a packet tracer.
02-07-2011 08:36 AM
Hello,
I can not ping 66.128.95.241, but I can ping 66.128.95.145 with the default route of 0.0.0.0 0.0.0.0 10.10.10.1
Then when I change default route to 0.0.0.0 0.0.0.0 10.10.15.1 I can ping 66.128.95.241, and can't ping 66.128.95.145, isn't is odd?
Best Regards,
-Rouzbeh
02-07-2011 08:42 AM
ok, now I see what is going on. since you have a default route configured the router will send the traffic to that IP when it doesn't know where the destination IP is located. You will need static routes for each destination.
try the following
ip route 0.0.0.0 0.0.0.0 10.10.15.1
ip route 66.128.95.146 255.255.255.248 10.10.10.1
or you could also try on the inside router
ip route 0.0.0.0 0.0.0.0 10.10.15.1
ip route 0.0.0.0 0.0.0.0 10.10.10.1
This is just a routing problem. Please let me know if that works.
02-07-2011 10:19 AM
Man this is working!!
You are awesome, I don't know how to expose my happiness and appreciation.
Thank you very much!
-Rouzbeh
02-07-2011 11:01 AM
I am glad to hear that it worked for you.
If possible please mark the question as resolved.
Have a good day.
02-07-2011 08:44 AM
I forgot to tell, I checked with packet tracer, and tried to ping 66.128.95.145 from subnet 10.10.10.2 it works
but from either from 10.10.15.2 to 66.128.95.145 doeasn't, I am screwed.
Best Regards,
-Rouzbeh
02-07-2011 08:49 AM
how are you testing the traffic? Using a ping?
If so, are you using the following sintax:
ping 66.128.95.241 source FastEthernet1.2
and
ping 66.128.95.145 source FastEthernet0.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide