
Question about NAT, cannot reach other subnet..

d.calinescu
Level 1

Hello guys.

I have an ASA 5505 (router 1):

Interface1 (OUT) 199.255.23.23

Interface2 (Inside) 192.168.0.1

I have another router (router2) that routes to another subnet (subnet 192.168.2.x); its inside IP is 192.168.0.2.

Clients inside of 192.168.0.x have router 1 inside as gateway.

I created fw rules any any IP and a route: inside 192.168.2.0 255.255.255.0 192.168.0.2

When I do a packet trace it blocks at NAT.

The only dynamic rule I have is any to OUTSIDE IP, which permits me to access the internet.

What NAT rule should I do to be able to access 192.168.2.x from the 192.168.0.x client network? (I'm currently able to ping hosts in 192.168.2.x from the router, but not clients; like I said, it blocks at the NAT rule.)


Thanks

2 Replies

djh278778
Level 1

Hello,

It sounds like you need a "nat 0" statement. For example:

Create an ACL that permits 192.168.0.x to 192.168.2.x and a second line that permits 192.168.2.x to 192.168.0.x.

Then create a NAT statement that would look like this: "nat (inside) 0 access-list xxx" (xxx being the name of your ACL).

Nat 0 says "don't do NAT for the given subnets".

I am of course speculating, not having more details. If you don't think this is the resolution, post a config of the ASA and more details on your topology.
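
The NAT exemption described in this reply, written out as an added example (not posted by anyone in the thread) in the pre-8.3 ASA syntax the reply uses. The ACL name `NONAT_INSIDE`, the /24 mask on 192.168.0.x and the two host addresses in the packet-tracer line are assumptions; the `same-security-traffic` line is not mentioned in the thread and is included because this traffic enters and leaves the ASA on the same interface.

```cisco
! Added example, pre-8.3 ASA syntax. Names and host addresses are assumptions.

! Route from the question: 192.168.2.0/24 is reached through router2.
route inside 192.168.2.0 255.255.255.0 192.168.0.2

! ACL with the two lines the reply describes (NONAT_INSIDE is a hypothetical name).
access-list NONAT_INSIDE extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT_INSIDE extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0

! NAT exemption: traffic matching the ACL is not translated, so it no longer
! falls through to the dynamic rule that translates everything to the outside IP.
nat (inside) 0 access-list NONAT_INSIDE

! Not in the thread: the ASA drops traffic that enters and exits the same
! interface unless this is enabled. Here clients send to 192.168.0.1 and the
! ASA forwards back out the inside interface to 192.168.0.2.
same-security-traffic permit intra-interface

! Verification from exec mode (not configuration commands).
! 192.168.0.10 and 192.168.2.10 are constructed sample hosts.
! packet-tracer input inside icmp 192.168.0.10 8 0 192.168.2.10
! show access-list NONAT_INSIDE
```

Keep the exemption ACL limited to the two internal subnets; a broader match would also exempt internet-bound traffic from the dynamic rule.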

Hello,


I will give this a try tonight, and if it doesn't work I'll be as detailed as possible and paste the config.


Thanks!

Dan
