ASA 5510 SecPlus NAT/PAT

Unanswered Question
Aug 24th, 2009

Are there any gotchas when trying to configure this?

I tried to configure this using:

global (external) 1 x.x.x.66

nat (inside) 1

And I was not able to ping any external devices. However, prior to this configuration, we had another device that would NAT the internal IPs in front of the ASA and we were able to get external.

Also on top of the gotchas, are there any ACLs or configurations that commonly affect the NATing ability of the ASA?

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
apdatasoft Mon, 08/24/2009 - 05:36

Hi Richard,

you should have this configuration in your ASA

icmp permit any inside

icmp permit any echo inside

icmp permit any echo-reply inside

icmp permit any unreachable inside

icmp permit any external

icmp permit any echo external

icmp permit any echo-reply external

icmp permit any unreachable external


policy-map global_policy

class inspection_default

inspect icmp




This Discussion