08-24-2009 01:04 AM - edited 03-11-2019 09:08 AM
Are there any gotchas when trying to configure this?
I tried to configure this using:
global (external) 1 x.x.x.66
nat (inside) 1 0.0.0.0 0.0.0.0
And I was not able to ping any external devices. However, prior to this configuration, we had another device that would NAT the internal IPs in front of the ASA and we were able to get external.
Also on top of the gotchas, are there any ACLs or configurations that commonly affect the NATing ability of the ASA?
Thank you,
--Richard
08-24-2009 01:52 AM
Hi Richard
With regards to the global command, have you named your outside interface external?? could you check the naming of the ethernet 0. Please see the command syntax:
global (mapped_ifc) nat_id {mapped_ip)
mapped_ifc = Specifies the name of the interface connected to the mapped IP address network.
Regards
08-24-2009 03:21 AM
mj11,
Yes, I named the outside interface "external".
08-24-2009 05:19 AM
Hi Richard
Are you able to post you config, Are you able to ping the device connected to the external interface?
Regards
08-24-2009 05:36 AM
Hi Richard,
you should have this configuration in your ASA
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
icmp permit any unreachable inside
icmp permit any external
icmp permit any echo external
icmp permit any echo-reply external
icmp permit any unreachable external
&
policy-map global_policy
class inspection_default
inspect icmp
Thanks
AP
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide