Hello, New to ASA
On an ASA5505 v7.2(4), I am trying to allow traffic between two local networks.
I have the local network 192.168.1.0 and a subnet 192.168.2.0 behind another router. I also have IPsec VPN on the security appliance.
When I connect a computer to the internet in the first network (192.168.1.0) using the ASA, this computer loses its connection to the subnet (192.168.2.0). The ASA is blocking all the traffic between the networks.
I applied the command same-security-traffic permit intra-interface. I also applied the command
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
and added the static route
route inside 192.168.2.0 255.255.255.0 192.168.1.254 1
but nothing works.
When I send an ICMP echo, the NAT is dropping the request packet.
The packet tracer output is as follows:
The packet has been dropped by NAT, and it is the same for the port 3389 (remote desktop).
Thank you in advance.
So you are trying to hairpin traffic on the inside interface?
In general that is not good practice. If traffic needs to be routed before the ASA, make sure the router routes the traffic from one subnet to the other. The ASA doesn't need to see traffic that goes from inside to inside.
Now if you still insist on doing that, you can try putting in translations for the source and the destination. In other words, you need to identity-translate 192.168.1.0/24 and 192.168.2.0/24. You are NAT-exempting one way but not the return.
Can you try
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
And then you can run a packet tracer again to see if it would fail or not.
I hope it helps.
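For reference, here is the complete set of pre-8.3 ASA commands that the two posts above describe, put together as an added example (not configuration taken from either poster). It assumes the interface is named "inside", that the ASDM-style ACL inside_nat0_outbound is bound with the pre-8.3 nat 0 syntax, and uses constructed host addresses 192.168.1.10 and 192.168.2.10 for the packet-tracer checks.

```cisco
! Allow traffic to enter and leave the same interface (inside-to-inside hairpin)
same-security-traffic permit intra-interface
! Static route to the 192.168.2.0/24 segment behind the internal router at 192.168.1.254
route inside 192.168.2.0 255.255.255.0 192.168.1.254 1
! Identity (NAT 0) exemption in BOTH directions, so the return path is exempt as well
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
! Bind the exemption list to the inside interface (pre-8.3 syntax; assumed to match the ASDM-generated name)
nat (inside) 0 access-list inside_nat0_outbound
! Verify: simulate ICMP echo (type 8, code 0) and RDP (TCP 3389) from a constructed inside host
! to a constructed host on the far subnet; the NAT phase should now show ALLOW instead of DROP
packet-tracer input inside icmp 192.168.1.10 8 0 192.168.2.10
packet-tracer input inside tcp 192.168.1.10 12345 192.168.2.10 3389
```

If packet-tracer still reports a drop in the NAT phase, check that no other nat/static statement on the inside interface matches these subnets before the nat 0 exemption.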