Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1000
Views
0
Helpful
7
Replies

Ping "Route Outside" gateway from laptop

Go to solution
eford
Level 1
Level 1

‎03-22-2017 08:12 AM - edited ‎03-12-2019 02:06 AM

.. I am currently upgrading Cisco ASA's from 5505 to a 5508-x. Network looks like this::

Lines = Path

xxxx = Cisco ASA 5508-x

64.98.145.173 (Example)---------------------xxxx--------------------------------(172.20.1.5)Laptop

Cisco ASA Gateway = 64.98.145.173

Cisco ASA Outside Interface = 64.98.145.174

Cisco ASA Inside Interface = 172.20.0.2

Laptop = 172.20.1.5

I can ping 64.98.145.173 from Cisco ASA

I can ping inside interface from laptop

I cannot ping 64.98.145.173 from laptop

I believe it's a NAT issue (could be wrong) but I'm not sure how to enter the NAT statement on the Cisco ASA.

Any suggestions would be appreciated. Also, if its not a NAT issue please lead me in the correct direction please

Thank You

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to eford

‎03-27-2017 07:25 AM

Sorry - my syntax was a bit off. Was working from iPad when I replied.

Try:

nat (inside,outside) after-auto source dynamic any interface

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-25-2017 07:27 PM

Please share your current NAT configuration ("show run nat"). 

We would normally expect an after-auto dynamic interface NAT rule for traffic from inside to outside. Something like:

nat (inside,outside) dynamic interface

0 Helpful

Go to solution
eford
Level 1
Level 1
In response to Marvin Rhoads

‎03-27-2017 05:23 AM

Show run nat >> Gave no output, completely emptyp. Just went down to the next line without any output

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to eford

‎03-27-2017 06:42 AM

So that tells us you have no NAT rules. In other words, traffic from your private IP space (172.20.x.x) will appear to any external addresses unchanged. Since the extrnal address you gave is a public IP, it won't normally know how to send the return traffic to a private network.

If you put in the interface NAT statement like I mentioned earlier, that traffic from your internal hosts will take on the public (outside) IP address of the ASA as it egresses and thus upstream hosts will know where to send the return traffic.

0 Helpful

Go to solution
eford
Level 1
Level 1
In response to Marvin Rhoads

‎03-27-2017 07:22 AM

This may be a "dummy" mistake but when I enter:

nat (inside,outside) dynamic Interface I am getting the error invalid input

arrow points at the word dynamic also...

Thanks

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to eford

‎03-27-2017 07:25 AM

Sorry - my syntax was a bit off. Was working from iPad when I replied.

Try:

nat (inside,outside) after-auto source dynamic any interface
0 Helpful

Go to solution
eford
Level 1
Level 1
In response to Marvin Rhoads

‎03-27-2017 09:10 AM

That did it.. Thank You

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to eford

‎03-27-2017 07:36 PM

You're welcome. Thanks for the rating.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card