Hi halijenn / NT / Magnus
I have 2 servers, one on the outside and another on the inside of the firewall. The issue is that the server on the inside (10.251.12.1) is able to communicate with the server on the outside (10.253.9.14); however, the reverse is not happening. The communication between the 2 devices is tested via ICMP. ICMP from 10.251.12.1 to 10.253.9.14 works; however, when I try to ping from 10.253.9.14 it does not happen.
Following is the current config relevant to this issue
1) global (outside) 1 interface
2) Inspect ICMP is enabled for the global_policy and is applied for the service policy
Please let me know if the below config is correct and if it should work.
access-list OUT_IN extended permit icmp host 10.253.9.14 host 10.251.12.1 (the access-group is also applied)
nat (inside) 0 access-list NONAT
access-list NONAT extended permit ip host 10.251.12.1 host 10.253.9.14
I also know that we can apply static identity NAT in place of the above as follows:
static (inside,outside) 10.251.12.1 10.251.12.1
Please help me in getting the config correct.
nat (inside) 1 0.0.0.0 0.0.0.0
Correct. You do not need the static in this case, as nat 0 with an ACL is bidirectional.
When the pings do not work one way, what do you see in the syslogs? Is it possible that the Windows firewall is enabled on the inside host, so that it does not respond to pings when pinged from the other side?
Since you are trying to open the communication from lower security to higher security, you need an identity NAT translation for the inside server.
static (inside,outside) 10.251.12.1 10.251.12.1 netmask 255.255.255.255
Please make sure that the static does not break any other communication.
Hope this helps.
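As an added example (not configuration posted by anyone in this thread), here is the complete pre-8.3 ASA configuration for the two hosts using NAT exemption as the first reply describes, with the static identity NAT from the second reply shown as the alternative, followed by the CLI commands used to confirm which phase drops the outside-to-inside echo request. The interface names, security levels and ASA version are assumptions based on the command syntax quoted above.

```cisco
! Assumed: ASA running pre-8.3 NAT syntax (matches the commands quoted in the thread)
! Assumed interfaces: inside (security-level 100), outside (security-level 0)

! Allow the outside host to send ICMP to the inside host; applied inbound on outside
access-list OUT_IN extended permit icmp host 10.253.9.14 host 10.251.12.1
access-group OUT_IN in interface outside

! NAT exemption: traffic between these two hosts is never translated, in either direction
access-list NONAT extended permit ip host 10.251.12.1 host 10.253.9.14
nat (inside) 0 access-list NONAT

! Alternative from the second reply (use one or the other, not both for the same host):
! static (inside,outside) 10.251.12.1 10.251.12.1 netmask 255.255.255.255

! Dynamic PAT for everything else leaving the inside, as in the original post
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! ICMP inspection so echo replies are tracked as part of the request's flow
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global

! Verification from the ASA CLI:
! Simulate the outside-to-inside echo request (ICMP type 8, code 0) and read the
! per-phase result; a drop in the ACCESS-LIST or NAT phase points at the lines above
packet-tracer input outside icmp 10.253.9.14 8 0 10.251.12.1
! Confirm the exemption and the rest of the NAT configuration as loaded
show running-config nat
show running-config static
! Watch for deny/drop syslogs for the outside host while the ping is running
show logging | include 10.253.9.14
```

If packet-tracer reports ALLOW through every phase and no drop syslog appears for 10.253.9.14, the ASA is forwarding the echo request, and the remaining suspect is the inside host itself (for example a host firewall blocking inbound echo requests), which is the check the first reply raises.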