03-21-2012 11:00 AM - edited 03-07-2019 05:42 AM
I know this is a pretty typical way to start this off, but I am a bit of a newbie with VLANs and Cisco equipment. I am attempting to set up communication between 2 VLANs. This setup is between two separate medical practices: Client1, who I have access to, and Client2, which is not managed by me. I have access to only one of the practices' equipment. I have physically attached a cable from their switch to my ASA in an attempt to get access to a shared server on Client2's network. I have created a VLAN called dmz to allow access from Client1 to Client2. So far I am able to access the server from Client1, but I need to enable bi-directional access from Client2 to Client1's network, namely to enable the server at Client2 to contact a printer on Client1's network. I have attached a Visio diagram, and the show run is also attached.
Can anyone point me in the right direction?
03-21-2012 01:51 PM
When I enter the nat (inside) 1 access-list NAT-TO-OUTSIDE I get the error:
ERROR: Deny rules not supported in policy Nat
03-21-2012 01:45 PM
Working!
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Reply from 192.168.51.101: bytes=32 time=1ms TTL=128
Ping statistics for 192.168.51.101:
Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 8ms, Average = 1ms
Pinging 192.168.50.140 with 32 bytes of data:
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Reply from 192.168.50.140: bytes=32 time=1ms TTL=128
Ping statistics for 192.168.50.140:
Packets: Sent = 15, Received = 15, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Control-C
03-21-2012 01:51 PM
Perfect!
Regards
Dan
03-21-2012 01:17 PM
TEXASVOICE# packet-tracer input dmz icmp 192.168.50.100 0 0 192.168.51.100
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.51.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group dmz_access_in in interface dmz
access-list dmz_access_in extended permit ip any any
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any dmz any
dynamic translation to pool 1 (No matching global)
translate_hits = 29, untranslate_hits = 0
Additional Information:
Result:
input-interface: dmz
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
TEXASVOICE#