08-15-2013 12:56 PM - edited 03-04-2019 08:46 PM
Hi!
I have some trouble with configuration NAT. I created logical interface with Vlan's, and on one of them config NAT. But when i do ping from interface NewScene3K to internet all packets are lost.
That's my config:
ASA Version 9.1(1)4
!
hostname ciscoasa
enable password ** encrypted
passwd ** encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 10.10.10.18 255.255.255.240
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
nameif inside
security-level 100
no ip address
!
interface Ethernet0/3.30
vlan 30
nameif DomainServer
security-level 100
ip address 192.168.110.33 255.255.255.248
!
interface Ethernet0/3.40
vlan 40
nameif BackupServer
security-level 100
ip address 192.168.110.41 255.255.255.248
!
interface Ethernet0/3.50
vlan 50
nameif 1CServer
security-level 100
ip address 192.168.110.49 255.255.255.248
!
interface Ethernet0/3.60
vlan 60
nameif FileServer
security-level 100
ip address 192.168.110.65 255.255.255.248
!
interface Ethernet0/3.70
vlan 70
nameif KamisServer
security-level 100
ip address 192.168.110.73 255.255.255.248
!
interface Ethernet0/3.100
vlan 100
nameif TheatreMass
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/3.101
vlan 101
nameif NewScene1K
security-level 100
ip address 192.168.101.1 255.255.255.0
!
interface Ethernet0/3.102
vlan 102
nameif NewScene2K
security-level 100
ip address 192.168.102.1 255.255.255.0
!
interface Ethernet0/3.103
vlan 103
nameif NewScene3K
security-level 100
ip address 192.168.103.1 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk1:/asa911-4-k8.bin
boot config disk1:/cisco_work_0
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
08-16-2013 04:18 AM
Wrong forum, post to "Security". You can move your posting using the Actions panel on the right.
08-16-2013 06:01 AM
Hello
I dont see any NAT applied in this config -
Try this:
object network LAN
subnet 10.10.10.0 255.255.255.240
access-list 10 extended permit icmp any object LAN echo-reply
nat (inside,outside) dynamic interface
access-group 10 in interface outside
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
08-16-2013 06:29 AM
global (outside) 1 interface
nat (NewScene3K) 1 192.168.103.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 (next hope IP outside Interface)
08-16-2013 06:30 AM
global (outside) 1 interface
nat (NewScene3K) 1 192.168.103.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 (next hope IP outside Interface)
***Rate All Helpful Posts***
Jawad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide