ASA - NAT - VLANS

j_Pearcy00 · ‎04-02-2009

I want to start by thanking everyone for taking the time to ready this. We currently have a Fortigate firewall in place. We have multiple VLANS seperating our voip phone system from the rest of our traffic, and we also seperate out our guest wireless network. We just bought an ASA 5540. I have setup ASA's before and I seem to always miss one little detail and Im so mad at myself when I contact the TAC and they fix it within mins. So hopefully someone here can help me. I can ping the internal interface but nothing past that from the inside.

srue · ‎04-02-2009

try removing all of your icmp acl's and access-group commands.

instead try turning on icmp inspection globally:

policy-map global_policy

class inspection_default

inspect icmp

j_Pearcy00 · ‎04-02-2009

I should have been more detailed on my problem. It isnt just ICMP that is not getting from the inside to the rest of the world. Its everything. I know my default route is right because Im able to ping the outside interface from a machine out on the web.

vikram_anumukonda · ‎04-02-2009

are the interface names in the nat statement correct. I don't see an ip-address assigned to interface named as Inside.

global (Outside) 1 interface

nat (Inside) 1 0.0.0.0 0.0.0.0 outside

j_Pearcy00 · ‎04-02-2009

do I have to add the Nat (Interface) 1 0.0.0.0 0.0.0.0 outside for each Vlan?

vikram_anumukonda · ‎04-02-2009

nat (Internal) 1 0.0.0.0 0.0.0.0

nat (Vlan_Phones) 1 0.0.0.0 0.0.0.0

global (Outside) 1 interface