10-02-2007 11:49 AM - edited 03-11-2019 04:19 AM
Hello,
I have one more question as a result of a lab setup. I have two 3640s. I have their configs below.
One 3640 can ping 129.4.4.4 and it is natted to the outside interface of the ASA, which is 140.1.1.1.
The other 3640 can ping 130.4.4.4, which is natted to the outside interface of the ASA.
However, if I do an extended ping from the outside nat interface, it can't find its way.
I also tried putting a laptop on the outside ethernet port of one of the 3640s. It can ping the outside interface of the ASA just fine, but can't ping 130.4.4.4, which is natted to the outside IP of the ASA.
Router one
Router#show run
Building configuration...
Current configuration : 1170 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging buffered 16384 debugging
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default local
!
username jcornelson privilege 15
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
call rsvp-sync
cns event-service server
!
interface Ethernet0/0
ip address 140.x.x.2 255.255.255.0
ip nat inside
full-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 2.x.x.2 255.255.255.0
ip nat outside
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 2.2.x.x.0.0.255 area 0
network 140.x.x.0 0.0.0.255 area 0
!
ip nat inside source static 140.1.1.1 130.4.4.4
ip classless
ip route 0.0.0.0 0.0.0.0 140.1.1.1
no ip http server
!
dial-peer cor custom
!
!
end
_____________________
Router 2
router3640#show run
Current configuration:
!
version 12.0
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname router3640
!
logging buffered 16384 informational
aaa new-model
aaa authentication login default local
enable secret xxx
enable password xxx
!
username jcornelson privilege 15 password 0 cisc0007
!
ip subnet-zero
no ip domain-lookup
!
cns event-service server
!
process-max-time 200
!
interface Ethernet0/0
ip address 140.x.x.3 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 3.x.x.3 255.255.255.0
no ip directed-broadcast
ip nat outside
no keepalive
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
network 3.3.x.x.0.0.0 area 0
network 140.x.x.0 0.0.0.255 area 0
!
ip nat inside source static 140.x.x.1 129.4.4.4
ip classless
no ip http server
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
!
end
Below is a diagram. If I ping 129.4.4.4 from router 1, it works. If I do an extended ping from router one with 3.3.3.3 as the source, it doesn't work.
The same problem is on the other router.
laptop 2.2.2.3
def gate 2.2.2.2
__________
outside 3.3.3.3          outside 2.2.2.2
Router one               router3640
inside 140.1.1.3         inside 140.1.1.2
           outside 140.1.1.1
           ASA 5510
router 1 ip nat          router3640 ip nat
140.x.x.1 129.4.4.4      140.x.x.1 130.4.4.4
This really has me baffled. I shouldn't have to put static routes to the natted address, which doesn't work anyway. I am not sure what is going on.
10-02-2007 12:50 PM
Hi Joe
Can you just confirm that your ASA has a route back to the 2.2.2.x and 3.3.3.x networks?
If not, you need to add routes for the individual networks onto your ASA.
If you do, could you post the relevant part of the config and I can lab it up tomorrow.
Jon