ASA 5510 SecPlus NAT/PAT

rsvensson · ‎08-24-2009

Are there any gotchas when trying to configure this?

I tried to configure this using:

global (external) 1 x.x.x.66

nat (inside) 1 0.0.0.0 0.0.0.0

And I was not able to ping any external devices. However, prior to this configuration, we had another device that would NAT the internal IPs in front of the ASA and we were able to get external.

Also on top of the gotchas, are there any ACLs or configurations that commonly affect the NATing ability of the ASA?

Thank you,

--Richard

mj11 · ‎08-24-2009

Hi Richard

With regards to the global command, have you named your outside interface external?? could you check the naming of the ethernet 0. Please see the command syntax:

global (mapped_ifc) nat_id {mapped_ip)

mapped_ifc = Specifies the name of the interface connected to the mapped IP address network.

Regards

rsvensson · ‎08-24-2009

mj11,

Yes, I named the outside interface "external".

mj11 · ‎08-24-2009

Hi Richard

Are you able to post you config, Are you able to ping the device connected to the external interface?

Regards

apdatasoft · ‎08-24-2009

Hi Richard,

you should have this configuration in your ASA

icmp permit any inside

icmp permit any echo inside

icmp permit any echo-reply inside

icmp permit any unreachable inside

icmp permit any external

icmp permit any echo external

icmp permit any echo-reply external

icmp permit any unreachable external

&

policy-map global_policy

class inspection_default

inspect icmp

Thanks

AP