ASA5540 NAT Problem

Apr 4th, 2008

I'm setting up an ASA5540 to replace a PIX525. I have a problem: traffic is not flowing from the DMZ to the Outside interface. I enabled ping from the outside interface to the DMZ and debugged the ICMP trace. This is what I found: "ICMP echo request untranslating Outside: to DMZ:exchange

ICMP echo request from Outside: to DMZ: ID=1024 seq=24576 len=32"

Simply, there was no reply from the DMZ. And when I ping from the DMZ to Outside, I don't see any traffic passing through the ASA. Please help, as my emails are not going out. Attached is my configuration file.

acomiskey Fri, 04/04/2008 - 06:25

You need to allow icmp in your outside and dmz access lists. Also, you are only allowing your exchange server to smtp to

IT_Data_CorporateNet Fri, 04/04/2008 - 07:07

Sorry, that config is rather old; I have this access list in my current config.

access-list outside_access_dmz extended permit icmp any host

But still I get the same.

I looked at your config and was extremely confused about what you're trying to accomplish. But I only glanced at it and am not trying to construct your network.

My suggestion, albeit a novice one, would be to add ICMP to your inspection. As far as the connectivity goes, I'm hard pressed to find what you're doing with the IP scheme and your nat0.


