Question about NAT, cannot reach other subnet..

Jun 28th, 2010

Hello guys.

I have an ASA 5505 (router 1):

Interface1 (OUT) 199.255.23.23

Interface2(Inside) 192.168.0.1

I have another router (router 2) that routes to another subnet (192.168.2.x); its inside IP is 192.168.0.2.

Clients inside 192.168.0.x have router 1's inside interface as their gateway.

I created firewall rules any any IP and a route: inside 192.168.2.0 255.255.255.0 192.168.0.2

When I do a packet trace it blocks at NAT.

The only dynamic rule I have is any to OUTSIDE IP, which permits me to access the internet.

What NAT rule should I create to be able to access 192.168.2.x from the 192.168.0.x client network? (I'm currently able to ping hosts in 192.168.2.x from the router, but not from clients; like I said, it blocks at the NAT rule.)


Thanks

djh278778 Mon, 06/28/2010 - 13:14

Hello,

It sounds like you need a "nat 0" statement. For example:

Create an ACL that permits 192.168.0.x to 192.168.2.x and a second line that permits 192.168.2.x to 192.168.0.x.

Then create a NAT statement that would look like this: "nat (inside) 0 access-list xxx" (xxx being the name of your ACL).

Nat 0 says "don't do NAT for the given subnets".

I am of course speculating, not having more details. If you don't think this is the resolution, post a config of the ASA and more details on your topology.
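
The two steps described in the reply above, written out in pre-8.3 ASA syntax as an added example that is not part of the original thread. The ACL name INSIDE_NONAT and the host addresses in the packet-tracer line are made up for illustration; the `same-security-traffic` line is an assumption that goes beyond the reply, included because this traffic enters and leaves the ASA on the same inside interface.

```cisco
! Added example, not from the thread. ACL name is hypothetical.
! Step 1: ACL matching traffic between the two inside subnets, both directions.
access-list INSIDE_NONAT extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list INSIDE_NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0

! Step 2: NAT exemption. Traffic matching the ACL is not translated;
! everything else still hits the existing dynamic rule to the outside IP.
nat (inside) 0 access-list INSIDE_NONAT

! Assumption beyond the reply: clients use the ASA as gateway and router 2
! sits on the same inside segment, so packets hairpin on one interface.
same-security-traffic permit intra-interface

! Route already created by the original poster, shown for completeness.
route inside 192.168.2.0 255.255.255.0 192.168.0.2

! Verify: re-run the packet trace with constructed host addresses and
! confirm the NAT phase now reports the exemption instead of a drop.
packet-tracer input inside icmp 192.168.0.10 8 0 192.168.2.10
```

Keeping the exemption ACL scoped to these two /24 networks, rather than `any`, leaves internet-bound traffic subject to the existing dynamic NAT rule.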

d.calinescu Mon, 06/28/2010 - 13:29

Hello,


I will give this a try tonight and if it doesn't work I'll be as detailed as possible and paste the config.


Thanks!

Dan
