
ASA - NAT rule problem

Mohamed Hamid
Level 1

Hi Guys

I have a DMZ and a Clientnetwork in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.

I have created a NAT rule as follows

interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP

I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule, or am I missing something?

Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.

Your help would be much appreciated

Kind Regards

Ridha


varrao
Level 10

Can you share the following outputs:

show run nat

show run static

show run global

show ip

This would help me.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun

Please find outputs below

nat (dmzdata) 0 access-list ALLRAS

nat (AHdata) 0 access-list ALLRAS

nat (AHdata) 1 10.0.1.0 255.255.255.0

nat (dmzAHmgmt) 0 access-list ALLRAS

nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0

nat (AHmgmt) 0 access-list ALLRAS

nat (AHmgmt) 1 10.1.1.0 255.255.255.0

asa-L# sh run static

static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255

static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255

global (dmzdata) 1 interface

global (AHdata) 1 interface

global (dmzmgmt) 1 interface

global (AHmgmt) 1 interface

System IP Addresses:

Interface             Name      IP address  Subnet mask    Method
GigabitEthernet0/0    dmzdata   x           255.255.255.0  CONFIG
GigabitEthernet0/1    AHdata    x           255.255.255.0  manual
GigabitEthernet0/2    dmzmgmt   x           255.255.255.0  CONFIG
GigabitEthernet0/3    folink    x           255.255.255.0  unset
Management0/0         AHmgmt    x           255.255.255.0  CONFIG

Hi there

Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.

I can see this from the syslog, and this suggests I need to enable or add something in the ACL as well as the NAT rule?
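
The combination the thread is circling (a static translation plus an interface ACL that permits only the LDAP traffic), sketched as an added example that is not from any poster's configuration. It uses the pre-8.3 syntax seen in the posted output and assumes that 192.168.9.9 from the posted `static (AHdata,dmzdata)` line is the LDAP server's translated address, that dmzdata has a lower security level than AHdata, and that `PROXY1` and `DMZDATA_IN` are hypothetical names.

```cisco
! Added example; PROXY1 and DMZDATA_IN are hypothetical names.
! PROXY1 stands for one proxy server's real address on dmzdata,
! defined beforehand with: name <proxy-ip> PROXY1
!
! Translation already present in the posted "sh run static" output:
! static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255
!
! Permit only LDAP (389) and LDAPS (636) from the proxy to the
! translated address, instead of a broad "permit ip" rule.
access-list DMZDATA_IN extended permit tcp host PROXY1 host 192.168.9.9 eq ldap
access-list DMZDATA_IN extended permit tcp host PROXY1 host 192.168.9.9 eq ldaps
!
! Only needed while testing reachability with ping; remove afterwards.
access-list DMZDATA_IN extended permit icmp host PROXY1 host 192.168.9.9 echo
!
! Bind the ACL inbound on the DMZ interface. An interface holds one
! inbound ACL: if dmzdata already has one, add the permit lines to that
! ACL instead of binding a new one. Every ACL ends in an implicit deny,
! so other DMZ-originated traffic must be permitted explicitly.
access-group DMZDATA_IN in interface dmzdata
!
! Check which phase (NAT or ACL) handles or drops the flow:
! packet-tracer input dmzdata tcp <proxy-ip> 1025 192.168.9.9 389
```

A successful LDAP bind from the proxy is a better test than ping here, since ICMP handling on the ASA also depends on whether ICMP inspection is enabled.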
