02-18-2018 10:06 AM - edited 03-08-2019 01:54 PM
Hey guys
I have an L3 switch with multiple VLANs and inter-VLAN routing going on. The L3 switch connects to an ASA appliance which splits to the outside and a DMZ. I have configured NAT and the servers in the DMZ can ping outside and NAT takes place as expected. The hosts on the network, on the other hand, ping the outside and the packets get dropped by the router I am pinging because NAT hasn't taken place and I don't know why. I have set static routes on the ASA to each VLAN and a static route between the L3 switch and ASA. Any ideas what's happening?
I have attached some images of the network in PT, and here is the ASA config:
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.168.1.2 255.255.255.0
!
interface Vlan3
 no forward interface Vlan1
 nameif DMZ
 security-level 50
 ip address 172.168.2.1 255.255.255.0
!
object network inside-dmz
 subnet 172.168.2.0 255.255.255.0
object network inside-floor1-it
 subnet 10.1.0.0 255.255.255.0
object network inside-net
 subnet 10.0.0.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 172.168.1.1 1
route inside 10.1.10.0 255.255.255.0 10.0.0.1 1
route inside 10.1.20.0 255.255.255.0 10.0.0.1 1
route inside 10.1.30.0 255.255.255.0 10.0.0.1 1
route inside 10.2.10.0 255.255.255.0 10.0.0.1 1
route inside 10.2.20.0 255.255.255.0 10.0.0.1 1
route inside 10.2.30.0 255.255.255.0 10.0.0.1 1
route inside 10.3.30.0 255.255.255.0 10.0.0.1 1
route inside 10.3.20.0 255.255.255.0 10.0.0.1 1
route inside 10.3.10.0 255.255.255.0 10.0.0.1 1
route inside 10.0.0.0 255.255.255.0 10.0.0.1 1
!
!
!
object network inside-dmz
 nat (DMZ,outside) dynamic interface
object network inside-floor1-it
 nat (inside,outside) dynamic interface
object network inside-net
 nat (inside,outside) dynamic interface
!
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd enable inside
!
!
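A consistency check on the configuration posted above, added here as an example and not part of the original thread: it lists the statically routed inside subnets that do not fall inside any object network carrying an (inside,outside) NAT rule. The function names are assumptions, and the parser handles only the object network, subnet, nat and route lines that appear in this config.

```python
import ipaddress

# Inside routes, network objects and object NAT rules copied from the config posted above.
CONFIG = """\
object network inside-floor1-it
 subnet 10.1.0.0 255.255.255.0
object network inside-net
 subnet 10.0.0.0 255.255.255.0
route inside 10.1.10.0 255.255.255.0 10.0.0.1 1
route inside 10.1.20.0 255.255.255.0 10.0.0.1 1
route inside 10.1.30.0 255.255.255.0 10.0.0.1 1
route inside 10.2.10.0 255.255.255.0 10.0.0.1 1
route inside 10.2.20.0 255.255.255.0 10.0.0.1 1
route inside 10.2.30.0 255.255.255.0 10.0.0.1 1
route inside 10.3.30.0 255.255.255.0 10.0.0.1 1
route inside 10.3.20.0 255.255.255.0 10.0.0.1 1
route inside 10.3.10.0 255.255.255.0 10.0.0.1 1
route inside 10.0.0.0 255.255.255.0 10.0.0.1 1
object network inside-floor1-it
 nat (inside,outside) dynamic interface
object network inside-net
 nat (inside,outside) dynamic interface
"""

def parse(config):
    """Return (object subnets, object NAT interface pairs, routes per interface)."""
    subnets, nat, routes, current = {}, {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"]:
            current = tok[2]  # following subnet/nat lines belong to this object
        elif tok[:1] == ["subnet"] and current:
            subnets[current] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[:1] == ["nat"] and current:
            nat[current] = tuple(tok[1].strip("()").split(","))  # (real_if, mapped_if)
        elif tok[:1] == ["route"]:
            routes.setdefault(tok[1], []).append(ipaddress.ip_network(f"{tok[2]}/{tok[3]}"))
    return subnets, nat, routes

def routed_without_nat(config, real_if="inside", mapped_if="outside"):
    """Routed subnets behind real_if that no (real_if,mapped_if) object NAT rule covers."""
    subnets, nat, routes = parse(config)
    covered = [subnets[n] for n, ifs in nat.items() if ifs == (real_if, mapped_if) and n in subnets]
    return [r for r in routes.get(real_if, []) if not any(r.subnet_of(c) for c in covered)]

if __name__ == "__main__":
    for net in routed_without_nat(CONFIG):
        print("no (inside,outside) object NAT rule covers", net)
```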
02-18-2018 10:43 AM
Hi,
Have you configured the ACLs to allow the communication? You also need to create the access-groups to associate the ACLs with the interfaces.
Also remember to configure the routes to reach the internal networks on the router.
:-)
02-18-2018 11:49 AM
02-18-2018 12:17 PM
Got it working dude, you were right, thanks a lot :)
02-18-2018 03:52 PM - edited 02-18-2018 03:53 PM
Hi
You are welcome, I'm glad to hear that.
:-)
02-01-2019 05:21 PM
Hi Ammit, any chance you could post the new configurations please?
Thx and regards