05-22-2009 03:29 AM - edited 03-11-2019 08:35 AM
Hi all,
We've configured an ASA with simple architecture (PC - ASA - PC).
- We've configured interfaces and ACL permitting IP traffic.
PCs in inside and outside interface cannot ping each other.
We specified a STATIC (inside,outside) real_add_inside real_add_inside.
PCs in inside and outside interface can ping each other after adding this configuration.
We removed static configuration and the ASA is only configured with IP adress in each interface and ACL which permit all ip traffic.
After clearing xlate and rebooting ASA, PCs on inside and outside can always ping each other (as if removing the static configuration doesn't have impact on the connectivity between inside and outside).
We'd like to know if it is normal, if it is not necessary to configure NAT or STATIC to let inside and outside to communicate on ASA.
If so, what could be the reason ping doesn't work after first configuration.
05-22-2009 04:24 AM
start here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
then let us know if you still have questions
05-22-2009 05:15 AM
Hi,
When reading the doc, it seems we need to configure STATIC and ACL to be able to access inside network from outside.
what seems strange for us is that we can access inside network without STATIC but only ACL applied on interface outside.
we really appreciate if you could give more explanation on it.
05-22-2009 11:15 AM
PIX/ASA version 7.x and later have no nat-control, which means that by default you don't need to configure static statement. Default configuration of these versions of PIX?ASA doesn't require NAT.
If you want to have NAT required for all traffic passing thru, type nat-control. This will enable it.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml
05-26-2009 06:24 AM
Hi,
It's really helpfull, thanks a lot.
And what about FWSM, from each version nat-control is disabled?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: