Hello, 

Well everything is in the title. My ASA doesn't translate the IP address when i try to ping a router in the external network.

Here's my topology and my ASA configuration.

EDIT : I tried to ping the same router from my DHCP server, which is in the vlan 1, directly connected to my multilayyer switch (netword 192.168.1.0/24). Turns out these precise icmp packages get translated as expected.

Now i compared the asa configurations between vlan 1 and vlans 10,20,30, and i can't spot any difference, so really i don't get it.

EDIT 2 : Screen capture below !!

: Saved

:

ASA Version 8.4(2)

!

hostname ciscoasa

names

!

interface Ethernet0/0

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

switchport access vlan 3

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

!

interface Vlan2

no forward interface Vlan1

nameif dmz

security-level 70

ip address 192.168.0.14 255.255.255.240

!

interface Vlan3

nameif outside

security-level 0

ip address 200.0.0.1 255.255.255.248

!

object network dmz-server

host 192.168.0.5

object network inside-net

subnet 192.168.1.0 255.255.255.0

object network inside-net-vlan10

subnet 192.168.10.0 255.255.255.0

object network inside-net-vlan20

subnet 192.168.20.0 255.255.255.0

object network inside-net-vlan30

subnet 192.168.30.0 255.255.255.0

!

route inside 192.168.10.0 255.255.255.0 0.0.0.0 1

route inside 192.168.20.0 255.255.255.0 0.0.0.0 1

route inside 192.168.30.0 255.255.255.0 0.0.0.0 1

route outside 0.0.0.0 0.0.0.0 200.0.0.2 1

!

access-list OUTSIDE-DMZ extended permit tcp any host 192.168.0.5 eq www

access-list OUTSIDE-DMZ extended permit icmp any host 192.168.0.5

!

!

access-group OUTSIDE-DMZ in interface outside

object network dmz-server

nat (dmz,outside) static 200.0.0.1

object network inside-net

nat (inside,outside) dynamic interface

object network inside-net-vlan10

nat (inside,outside) dynamic interface

object network inside-net-vlan20

nat (inside,outside) dynamic interface

object network inside-net-vlan30

nat (inside,outside) dynamic interface

!

!

!

!

!

!

!

telnet timeout 5

ssh timeout 5

!

dhcpd address 192.168.1.5-192.168.1.36 inside

dhcpd enable inside

!

!

!

!

!