09-13-2019 04:19 PM
Hello,
Below is a section of a GNS topology I'm working on. I'm not having much luck when attempting to connect to the DMZ webserver (bottom right of image) from the webterm appliance (upper left-hand corner).
What is working:
1. Outbound PAT, both machines are able to ping the IP on the outside of the routers (209.66.200.2 and 209.65.200.2)
I've included the ACL config for the ASA (the NAT statement image on the router doesn't show the 443 map), as the DMZ has a security level of 50. I am just learning about the ASA, but this seems like a NAT issue on the EDGEROUTER, the config for this is also shown.
I've set up a similar layout in GNS before, but instead of trying to access a webserver in a DMZ, I was trying to SSH to an internal device from outside. The static NAT statement worked, and the ACL on the ASA was configured in a similar way. In that setup, when viewing the NAT translations on the EDGEROUTER, a mapping could be seen when the connection came in.
With this setup, I've enabled a detailed NAT debug on the EDGEROUTER, and can see plenty of 'NAT: API Failed to get Translated-Info from:' messages in the output.
Is there anything funky happening because BGP separates these two routers?
Many thanks,
09-14-2019 12:10 AM
Hi,
You will need to modify the NAT configuration on the EDGEROUTER as follows:
no ip nat source static tcp 10.0.0.6 80 209.65.200.2 80
ip nat inside source static tcp 10.0.0.6 80 209.65.200.2 80
ip nat inside source static tcp 10.0.0.6 443 209.65.200.2 443
HTH,
Meheretab
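Added example, not part of the reply above and not Cisco code: a Python check that flags static NAT rules written in one IOS NAT style while the interfaces are configured for the other. On IOS, `ip nat source static` is the NVI form and pairs with `ip nat enable` on interfaces, whereas `ip nat inside source static` pairs with `ip nat inside` / `ip nat outside`. The sample config, including the interface names and the PAT line, is constructed for illustration and is not the poster's configuration.

```python
import re

# Constructed sample config (assumption: interface names and PAT line are
# invented; only the two static rules mirror commands quoted in the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet0/1
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 10.0.0.6 80 209.65.200.2 80
ip nat inside source static tcp 10.0.0.6 443 209.65.200.2 443
"""

STATIC_RULE = re.compile(r"ip nat (inside |outside )?source static\b")


def nat_style_mismatches(config):
    """Return (rule, reason) for static NAT rules with no matching interface mode."""
    lines = [line.strip() for line in config.splitlines()]
    # Domain-based NAT needs both an inside and an outside interface.
    has_domain = "ip nat inside" in lines and "ip nat outside" in lines
    # NVI NAT needs 'ip nat enable' on the participating interfaces.
    has_nvi = "ip nat enable" in lines
    findings = []
    for line in lines:
        match = STATIC_RULE.match(line)
        if not match:
            continue
        if match.group(1) is None and not has_nvi:
            findings.append((line, "NVI rule, but no interface has 'ip nat enable'"))
        elif match.group(1) and not has_domain:
            findings.append((line, "domain rule, but 'ip nat inside'/'ip nat outside' missing"))
    return findings


if __name__ == "__main__":
    for rule, reason in nat_style_mismatches(SAMPLE_CONFIG):
        print(f"{rule}\n  -> {reason}")
```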
09-14-2019 01:27 AM
09-14-2019 10:50 AM