ASA - NAT - VLANS

Unanswered Question
Apr 2nd, 2009

I want to start by thanking everyone for taking the time to read this. We currently have a Fortigate firewall in place. We have multiple VLANs separating our VoIP phone system from the rest of our traffic, and we also separate out our guest wireless network. We just bought an ASA 5540. I have set up ASAs before and I seem to always miss one little detail, and I'm so mad at myself when I contact the TAC and they fix it within minutes. So hopefully someone here can help me. I can ping the internal interface but nothing past that from the inside.

srue Thu, 04/02/2009 - 18:40

Try removing all of your ICMP ACLs and access-group commands.

Instead, try turning on ICMP inspection globally:

policy-map global_policy
 class inspection_default
  inspect icmp

j_Pearcy00 Thu, 04/02/2009 - 18:57

I should have been more detailed on my problem. It isn't just ICMP that is not getting from the inside to the rest of the world. It's everything. I know my default route is right because I'm able to ping the outside interface from a machine out on the web.

vikram_anumukonda Thu, 04/02/2009 - 19:03

Are the interface names in the nat statement correct? I don't see an IP address assigned to an interface named Inside.

global (Outside) 1 interface
nat (Inside) 1 0.0.0.0 0.0.0.0 outside

j_Pearcy00 Thu, 04/02/2009 - 19:53

Do I have to add the nat (Interface) 1 0.0.0.0 0.0.0.0 outside for each VLAN?

vikram_anumukonda Thu, 04/02/2009 - 21:30

nat (Internal) 1 0.0.0.0 0.0.0.0
nat (Vlan_Phones) 1 0.0.0.0 0.0.0.0
global (Outside) 1 interface
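
A sanity check for the mismatch discussed in this thread, as an added example that is not part of the original discussion or of anyone's posted config: it parses a pre-8.3 ASA config and reports nat/global statements whose interface name matches no nameif, nat IDs with no matching global, and named interfaces with no nat rule. The sample config, the function name audit_nat and the rule that every non-egress interface should carry a nat statement are assumptions.

```python
import re

# Constructed sample in pre-8.3 nat/global syntax. Interface numbering and
# addresses are assumptions; the nameifs and nat lines mirror the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1.10
 nameif Internal
 security-level 100
 ip address 10.1.10.1 255.255.255.0
interface GigabitEthernet0/1.20
 nameif Vlan_Phones
 security-level 100
 ip address 10.1.20.1 255.255.255.0
global (Outside) 1 interface
nat (Inside) 1 0.0.0.0 0.0.0.0 outside
"""
# Same config with the per-VLAN nat lines suggested in the last reply.
FIXED = SAMPLE.replace(
    "nat (Inside) 1 0.0.0.0 0.0.0.0 outside\n",
    "nat (Internal) 1 0.0.0.0 0.0.0.0\nnat (Vlan_Phones) 1 0.0.0.0 0.0.0.0\n")

def audit_nat(config):
    """Return findings about nat/global statements versus defined nameifs."""
    # nameif values are compared case-insensitively, keyed by lowercase name.
    names = {n.lower(): n for n in re.findall(r"^\s*nameif\s+(\S+)", config, re.M)}
    globals_ = re.findall(r"^global\s+\((\S+?)\)\s+(\d+)", config, re.M)
    nats = re.findall(r"^nat\s+\((\S+?)\)\s+(\d+)", config, re.M)
    pool_ids = {nat_id for _, nat_id in globals_}
    findings = []
    for kind, rules in (("global", globals_), ("nat", nats)):
        for ifname, nat_id in rules:
            if ifname.lower() not in names:
                findings.append(f"{kind} ({ifname}) {nat_id}: no interface has this nameif")
    for ifname, nat_id in nats:
        if nat_id != "0" and nat_id not in pool_ids:  # ID 0 needs no global
            findings.append(f"nat ({ifname}) {nat_id}: no global with this ID")
    used = {i.lower() for i, _ in globals_ + nats}
    for key in sorted(set(names) - used):
        findings.append(f"{names[key]}: no nat rule for this interface")
    return findings

if __name__ == "__main__":
    for line in audit_nat(SAMPLE):
        print(line)
```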
