cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8375
Views
0
Helpful
21
Replies

Outside to Inside with NAT

Navaz Wattoo
Level 1
Level 1

Hyi have face problem regradin traffic from outside to insdie having applying acl below here

access-list 101 permit ip any any

APPLY on outside interface

access-group 101 in interface outside

but my traffice didnt pass through from outside to indie

Navaz       

Navaz
21 Replies 21

Hello Navaz,

I think we are confused here.

We all asume this is just for testing purposes.

If what you want is to allow all traffic traversing the ASA from out in, in out

No nat-control

no global (outside) 1 10.1.1.30

no nat (inside) 1 192.168.1.0 255.255.255.0

no static (outside,inside) 10.1.1.30 10.1.1.2 netmask 255.255.255.255

Leave the ACL configuration u have so far and then you will have a Firewall configured to act as No Firewall hehe weird enough!

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Anas Hijjawi
Level 1
Level 1

Hi,

Check the routes on your routers, even it is directly connected but you need a route on each router for the other subnet behind the firewall.

OR

You can configure static xlate on the firewall to reach the internal subnet usind a direct natted IP from the external range

Thanks, Anas *--* Please rate the useful post,its free ;) *--*

i am sending you my NAT configuration

nat-control  

global (outside) 1 10.1.1.10

nat (inside) 1 192.168.1.0 255.255.255.0

static (inside,outside) 10.1.1.2 192.168.1.2 netmask 255.255.255.255

access-group 101 in interface outside

access-group 101 out interface inside

And Routes at Inside Router

S       10.1.1.2 [1/0] via 192.168.1.1

C    192.168.1.0/24 is directly connected, GigabitEthernet0/0

And Routes at Outside Router

C       10.1.1.0 is directly connected, GigabitEthernet0/0

     192.168.1.0/32 is subnetted, 1 subnets

S       192.168.1.2 [1/0] via 10.1.1.1

Problem is:

               The problem is that i cant ping from outside to inside.


Navaz

Navaz

Hi,

Option 1:

     No nat-control

     using ACL for permit and static route for routing

Option 2

nat con-trol

using nat0 (exempt).

can i use static nat for low to high and nat globle for hihg to low?

Navaz

Navaz

Hi

I think that you can use.

can you send me the configuration?

Navaz

Navaz
Review Cisco Networking for a $25 gift card