09-26-2013 11:54 PM - edited 03-11-2019 07:44 PM
Hyi have face problem regradin traffic from outside to insdie having applying acl below here
access-list 101 permit ip any any
APPLY on outside interface
access-group 101 in interface outside
but my traffice didnt pass through from outside to indie
Navaz
Solved! Go to Solution.
10-03-2013 12:04 AM
Hello Navaz,
I think we are confused here.
We all asume this is just for testing purposes.
If what you want is to allow all traffic traversing the ASA from out in, in out
No nat-control
no global (outside) 1 10.1.1.30
no nat (inside) 1 192.168.1.0 255.255.255.0
no static (outside,inside) 10.1.1.30 10.1.1.2 netmask 255.255.255.255
Leave the ACL configuration u have so far and then you will have a Firewall configured to act as No Firewall hehe weird enough!
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
10-03-2013 04:08 AM
Hi,
Check the routes on your routers, even it is directly connected but you need a route on each router for the other subnet behind the firewall.
OR
You can configure static xlate on the firewall to reach the internal subnet usind a direct natted IP from the external range
10-10-2013 12:28 AM
i am sending you my NAT configuration
nat-control
global (outside) 1 10.1.1.10
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 10.1.1.2 192.168.1.2 netmask 255.255.255.255
access-group 101 in interface outside
access-group 101 out interface inside
And Routes at Inside Router
S 10.1.1.2 [1/0] via 192.168.1.1
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
And Routes at Outside Router
C 10.1.1.0 is directly connected, GigabitEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
S 192.168.1.2 [1/0] via 10.1.1.1
Problem is:
The problem is that i cant ping from outside to inside.
Navaz
10-10-2013 04:17 AM
Hi,
Option 1:
No nat-control
using ACL for permit and static route for routing
Option 2
nat con-trol
using nat0 (exempt).
10-10-2013 08:52 PM
can i use static nat for low to high and nat globle for hihg to low?
Navaz
10-10-2013 09:02 PM
Hi
I think that you can use.
10-10-2013 10:09 PM
can you send me the configuration?
Navaz
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide