Question about NAT, cannot reach other subnet..

Unanswered Question
Jun 28th, 2010

Hello guys.


I have an ASA 5505 (router 1)


Interface1 (OUT) 199.255.23.23

Interface2(Inside) 192.168.0.1



I have another router (router 2) that routes to another subnet (subnet 192.168.2.x); its inside IP is 192.168.0.2


Clients inside of 192.168.0.x have router 1 inside as gateway,



I created fw rules any any IP and a route: inside 192.168.2.0 255.255.255.0 192.168.0.2


When I do a packet trace it blocks at NAT.


The only dynamic rule I have is any to OUTSIDE IP, which permits me to access the Internet.


What NAT rule should I create to be able to access 192.168.2.x from the 192.168.0.x client network? (I'm currently able to ping hosts in 192.168.2.x from the router, but not clients; like I said, it blocks at the NAT rule.)


Thanks

djh278778 Mon, 06/28/2010 - 13:14

Hello,


It sounds like you need a "nat 0" statement. For example:


Create an ACL that permits 192.168.0.x to 192.168.2.x and a second line that permits 192.168.2.x to 192.168.0.x

Then create a NAT statement that would look like this: "nat (inside) 0 access-list xxx" (xxx being the name of your ACL).


Nat 0 says "don't do NAT for the given subnets".


I am, of course, speculating, not having more details. If you don't think this is the resolution, post a config of the ASA and more details on your topology.
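
The NAT exemption described in the reply above, written out for the addresses in the question. This is an added example in pre-8.3 ASA syntax, not part of the original posts; the ACL name NONAT, the /24 mask on 192.168.0.x and the two host addresses in the trace are assumptions.

```cisco
! Added example (not from the thread). NONAT is a hypothetical ACL name;
! the /24 mask for 192.168.0.x is assumed from the addressing in the question.

! Exempt traffic between the two internal subnets from NAT, in both directions
access-list NONAT extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Route to the second subnet, as given in the question
route inside 192.168.2.0 255.255.255.0 192.168.0.2

! Client traffic for 192.168.2.x enters and leaves on the same (inside)
! interface, which the ASA does not forward unless this is enabled
same-security-traffic permit intra-interface

! From privileged EXEC, re-run the trace with constructed host addresses
! and confirm the NAT phase no longer drops the packet
packet-tracer input inside icmp 192.168.0.10 8 0 192.168.2.10
```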

d.calinescu Mon, 06/28/2010 - 13:29

Hello,


I will give this a try tonight and if it doesn't work I'll be as detailed as possible and paste the config.


Thanks!

Dan
