Not able to ping natted I.P from inside

Unanswered Question
May 5th, 2007
User Badges:

we are using ASA5505 having two interfaces inside(Security level 100) outside (security level 50)


We had statically natted I.P X.X.X.X (inside ) to Y.Y.Y.Y (Public I.P).We are able to ping this public I.P from Internet ,also nat is working successfully.


we are able to ping natted I.P from ouside i.e Y.Y.Y.Y but we are not able to ping it from inside .


below is the configuration done


static (inside,outside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255


Regards

Ajay






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
zulqurnain Sun, 05/06/2007 - 23:20
User Badges:
  • Bronze, 100 points or more

hello,


i maybe wrong but how could you even ping this natted ip from outside to inside, whereas my understanding says that pix doesn't allow any icmp traffic espacially if coming from higher security interface to lower security interface.

ajaykumar2k1 Mon, 05/07/2007 - 01:12
User Badges:

Thanks for your reply


My problem has been resolved .


Regards

Ajay

zulqurnain Mon, 05/07/2007 - 04:29
User Badges:
  • Bronze, 100 points or more

hello,


you are always welcome, but if you don't mind i would really like to know how you solved it.

steve_perrone Wed, 06/27/2007 - 11:13
User Badges:

We are having the exact same problem.


Could you elaborate on how you solved this issue.


Thank you

acomiskey Wed, 06/27/2007 - 11:16
User Badges:
  • Green, 3000 points or more

Steve, could you elaborate on your problem? How many interfaces are we talking about here? Give us a little more info.


For example if you have 3 interfaces and have


static (dmz,outside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255


You can ping 1.1.1.1 from outside but not from the inside. You would need to add something like this if you wanted to do so....


static (dmz,inside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255


Here are a few options for 2 interfaces

1. dns doctoring

2. hairpinning


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml


Please rate helpful posts

steve_perrone Wed, 06/27/2007 - 11:24
User Badges:

Well, I guess I got a little trigger happy and sent off this post before reading trough all posts.


I got my answer here

ns&loc=.1dde631e/4&forum=Security&topic=Firewalling

acomiskey Wed, 06/27/2007 - 11:27
User Badges:
  • Green, 3000 points or more

Could you post that link again. Was it the same solution as I posted above?

Actions

This Discussion