12-11-2007 02:00 AM - edited 03-11-2019 04:41 AM
Hi,
I have an ASA5505 at the remote end (ip base) with a server in the DMZ. DMZ is 10.102.1.0/24 and LAN is 172.16.0.0/16.
I have created a site to site tunnel from our network and can connect to 172.16.0.0/16 fine. I have also added to the crypto map to pass 10.102.1.0/24 traffic down the tunnel. I have also permitted outside - inside traffic to the DMZ from my LAN subnet.
I still can't ping the DMZ from my LAN - is this possible or am I missing something?
Thanks
12-11-2007 02:20 AM
You should add conditional exempt nat rules
remote ASA
access-list dmz_nat0_outbound permit ip 10.102.1.0 255.255.255.0 yourlocallan netmask
nat (DMZ) 0 access-list dmz_nat0_outbound
your asa
access-list inside_nat0_outbound permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound permit ip yourlocallan netmask 10.102.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-list outside_xxx_cryptomap permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list outside_xxx_cryptomap permit ip locallan netmask 10.102.1.0 255.255.255.0
Regards
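The check behind the answer above, as an added example that is not part of the original thread: every source/destination pair in the crypto-map ACL needs a matching `nat 0` (exemption) ACL entry, otherwise that traffic is translated before it can match the tunnel. The sketch below parses pre-8.3 ASA syntax in network/mask form only and ignores which interface each `nat 0` rule is bound to; 192.168.10.0/24 stands in for the head-office LAN, and the ACL and crypto map names in the sample are constructed.

```python
import ipaddress
import re

ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
CRYPTO = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def missing_nat_exemptions(config):
    """Return crypto-ACL (src, dst) pairs that no nat 0 ACL entry covers."""
    acls, nat0_acls, crypto_acls = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append((net(s, sm), net(d, dm)))
        elif m := NAT0.match(line):
            nat0_acls.add(m.group(2))      # ACL referenced by a nat 0 rule
        elif m := CRYPTO.match(line):
            crypto_acls.add(m.group(1))    # ACL that defines interesting traffic
    exempt = [ace for name in nat0_acls for ace in acls.get(name, [])]
    missing = []
    for name in sorted(crypto_acls):
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                missing.append((str(src), str(dst)))
    return missing

# Constructed remote-ASA config: the DMZ is in the crypto ACL but has no nat 0 rule.
REMOTE_BEFORE = """
access-list outside_20_cryptomap extended permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 10.102.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 20 match address outside_20_cryptomap
"""
# Same config with the DMZ exemption from the answer added.
REMOTE_AFTER = REMOTE_BEFORE + """
access-list dmz_nat0_outbound extended permit ip 10.102.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (DMZ) 0 access-list dmz_nat0_outbound
"""

if __name__ == "__main__":
    print("before:", missing_nat_exemptions(REMOTE_BEFORE))
    print("after: ", missing_nat_exemptions(REMOTE_AFTER))
```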
12-11-2007 02:27 AM
Thanks a lot - totally forgot about that step!
Many thanks
Rob
12-11-2007 02:22 AM
Hi
Could you just elaborate on the topology? When you say you can't ping the DMZ from your LAN, is this the same LAN as 172.16.0.0/16 or is this the remote network?
Jon