04-20-2012 08:03 AM - edited 02-21-2020 04:37 AM
Hi Guys
I have a DMZ and a Clientnetwork in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.
I have created a NAT rule as follows
interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP
I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule, or am I missing something?
Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.
Your help would be much appreciated
Kind Regards
Ridha
04-20-2012 08:07 AM
Can you share the following outputs:
show run nat
show run static
show run global
show ip
This would help me.
Thanks,
Varun
04-20-2012 08:24 AM
Hi Varun
Please find outputs below
nat (dmzdata) 0 access-list ALLRAS
nat (AHdata) 0 access-list ALLRAS
nat (AHdata) 1 10.0.1.0 255.255.255.0
nat (dmzAHmgmt) 0 access-list ALLRAS
nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0
nat (AHmgmt) 0 access-list ALLRAS
nat (AHmgmt) 1 10.1.1.0 255.255.255.0
asa-L# sh run static
static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255
static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255
global (dmzdata) 1 interface
global (AHdata) 1 interface
global (dmzmgmt) 1 interface
global (AHmgmt) 1 interface
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 dmzdata x 255.255.255.0 CONFIG
GigabitEthernet0/1 AHdata x 255.255.255.0 manual
GigabitEthernet0/2 dmzmgmt x 255.255.255.0 CONFIG
GigabitEthernet0/3 folink x 255.255.255.0 unset
Management0/0 AHmgmt x 255.255.255.0 CONFIG
04-20-2012 08:41 AM
Hi there
Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.
I can see this from the syslog, and this suggests I need to enable or add something in the ACL as well as the NAT rule?