ASA - NAT rule problem

Unanswered Question
Apr 20th, 2012

Hi Guys

I have a DMZ and a Clientnetwork in place, and I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.

I have created a NAT rule as follows

interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP

I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule? Or am I missing something?

Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.

Your help would be much appreciated

Kind Regards

Ridha

varrao Fri, 04/20/2012 - 08:07

Can you share the following outputs:

show run nat

show run static

show run global

show ip

This would help me.

Thanks,

Varun

mohamedridha Fri, 04/20/2012 - 08:24

Hi Varun

Please find outputs below

nat (dmzdata) 0 access-list ALLRAS
nat (AHdata) 0 access-list ALLRAS
nat (AHdata) 1 10.0.1.0 255.255.255.0
nat (dmzAHmgmt) 0 access-list ALLRAS
nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0
nat (AHmgmt) 0 access-list ALLRAS
nat (AHmgmt) 1 10.1.1.0 255.255.255.0

asa-L# sh run static
static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255
static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255

global (dmzdata) 1 interface
global (AHdata) 1 interface
global (dmzmgmt) 1 interface
global (AHmgmt) 1 interface

System IP Addresses:
Interface                Name       IP address   Subnet mask     Method
GigabitEthernet0/0       dmzdata    x            255.255.255.0   CONFIG
GigabitEthernet0/1       AHdata     x            255.255.255.0   manual
GigabitEthernet0/2       dmzmgmt    x            255.255.255.0   CONFIG
GigabitEthernet0/3       folink     x            255.255.255.0   unset
Management0/0            AHmgmt     x            255.255.255.0   CONFIG

mohamedridha Fri, 04/20/2012 - 08:41

Hi there

Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.

I can see this from the syslog, which suggests I need to enable or add something in the ACL as well as the NAT rule?
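An added example, not posted by anyone in this thread: a least-privilege access rule for the situation described above, written in the pre-8.3 syntax that the posted `static`/`global` commands imply. It assumes that `macserver` in the posted static is the LDAP server, that the proxy's real address goes where `<PROXY_IP>` appears, and that `dmzdata_in` is a hypothetical ACL name.

```cisco
! --- Added example; assumptions are marked. Pre-8.3 syntax. ---
!
! 1. Check whether an ACL is already bound inbound on dmzdata.
!    If one is, add the permit lines below to THAT ACL; binding a
!    new ACL with access-group replaces the existing binding.
show run access-group
!
! 2. Check what the NAT exemption ACL from the posted config matches.
!    In pre-8.3 NAT ordering, "nat 0 access-list" is evaluated before
!    static NAT, so if ALLRAS matches this flow, the 192.168.9.9
!    translation is not applied to it.
show run access-list ALLRAS
!
! 3. Permit only what the proxy needs, to the TRANSLATED address.
!    Before 8.3, an interface ACL matches the address as seen on
!    that interface, here the mapped IP 192.168.9.9 on dmzdata.
!    <PROXY_IP> is a placeholder; dmzdata_in is a hypothetical name.
access-list dmzdata_in extended permit tcp host <PROXY_IP> host 192.168.9.9 eq ldap
access-list dmzdata_in extended permit tcp host <PROXY_IP> host 192.168.9.9 eq ldaps
!
! Optional, for the ping test only; remove once LDAP is verified.
access-list dmzdata_in extended permit icmp host <PROXY_IP> host 192.168.9.9 echo
!
! 4. Bind the ACL inbound on the DMZ interface (only if step 1
!    showed no ACL already bound there).
access-group dmzdata_in in interface dmzdata
!
! 5. Verify the ACL and NAT decisions without generating real traffic.
packet-tracer input dmzdata tcp <PROXY_IP> 1025 192.168.9.9 389
packet-tracer input dmzdata icmp <PROXY_IP> 8 0 192.168.9.9
!
! 6. Confirm the hit counters increase when the proxy authenticates.
show access-list dmzdata_in
```

Scoping the rule to the single proxy host and the LDAP ports keeps the rest of the DMZ from reaching the client network through the new translation.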











Posted April 20, 2012 at 8:03 AM