ASA - NAT rule problem

Unanswered Question
Apr 20th, 2012

Hi Guys


I have a DMZ and a Clientnetwork in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.


I have created a NAT rule as follows:


interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP


I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule? Or am I missing something?


Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.


Your help would be much appreciated.


Kind Regards


Ridha

varrao Fri, 04/20/2012 - 08:07

Can you share the following outputs:


show run nat

show run static

show run global

show ip



This would help me.


Thanks,

Varun

Mohamed Hamid Fri, 04/20/2012 - 08:24

Hi Varun


Please find the outputs below:



nat (dmzdata) 0 access-list ALLRAS

nat (AHdata) 0 access-list ALLRAS

nat (AHdata) 1 10.0.1.0 255.255.255.0

nat (dmzAHmgmt) 0 access-list ALLRAS

nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0

nat (AHmgmt) 0 access-list ALLRAS

nat (AHmgmt) 1 10.1.1.0 255.255.255.0


asa-L# sh run static

static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255

static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255



global (dmzdata) 1 interface

global (AHdata) 1 interface

global (dmzmgmt) 1 interface

global (AHmgmt) 1 interface




System IP Addresses:

Interface                Name                   IP address      Subnet mask                                               Method

GigabitEthernet0/0       dmzdata                x            255.255.255.0                                             CONFIG

GigabitEthernet0/1       AHdata                 x            255.255.255.0                                             manual

GigabitEthernet0/2       dmzmgmt                x            255.255.255.0                                             CONFIG

GigabitEthernet0/3       folink                 x            255.255.255.0                                           unset

Management0/0            AHmgmt                 x            255.255.255.0                                             CONFIG

Mohamed Hamid Fri, 04/20/2012 - 08:41

Hi there


Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.


I can see this from the syslog, and this suggests I need to enable or add something in the ACL as well as the NAT rule?












