04-20-2012 08:03 AM - edited 02-21-2020 04:37 AM
Hi Guys
I have a DMZ and a client network in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the client network.
I have created a NAT rule as follows:
interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP
I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule, or am I missing something?
Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.
Your help would be much appreciated.
Kind Regards
Ridha
04-20-2012 08:07 AM
Can you share the following outputs:
show run nat
show run static
show run global
show ip
This would help me.
Thanks,
Varun
04-20-2012 08:24 AM
Hi Varun
Please find the outputs below:
nat (dmzdata) 0 access-list ALLRAS
nat (AHdata) 0 access-list ALLRAS
nat (AHdata) 1 10.0.1.0 255.255.255.0
nat (dmzAHmgmt) 0 access-list ALLRAS
nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0
nat (AHmgmt) 0 access-list ALLRAS
nat (AHmgmt) 1 10.1.1.0 255.255.255.0
asa-L# sh run static
static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255
static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255
global (dmzdata) 1 interface
global (AHdata) 1 interface
global (dmzmgmt) 1 interface
global (AHmgmt) 1 interface
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 dmzdata x 255.255.255.0 CONFIG
GigabitEthernet0/1 AHdata x 255.255.255.0 manual
GigabitEthernet0/2 dmzmgmt x 255.255.255.0 CONFIG
GigabitEthernet0/3 folink x 255.255.255.0 unset
Management0/0 AHmgmt x 255.255.255.0 CONFIG
04-20-2012 08:41 AM
Hi there,
Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.
I can see this from the syslog, which suggests I need to enable or add something in the ACL as well as the NAT rule?