Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 SecPlus NAT/PAT

Are there any gotchas when trying to configure this?

I tried to configure this using:

global (external) 1 x.x.x.66

nat (inside) 1 0.0.0.0 0.0.0.0

And I was not able to ping any external devices. However, prior to this configuration, we had another device that would NAT the internal IPs in front of the ASA and we were able to get external.

Also on top of the gotchas, are there any ACLs or configurations that commonly affect the NATing ability of the ASA?

Thank you,

--Richard

4 REPLIES
Community Member

Re: ASA 5510 SecPlus NAT/PAT

Hi Richard

With regards to the global command, have you named your outside interface external?? could you check the naming of the ethernet 0. Please see the command syntax:

global (mapped_ifc) nat_id {mapped_ip)

mapped_ifc = Specifies the name of the interface connected to the mapped IP address network.

Regards

Community Member

Re: ASA 5510 SecPlus NAT/PAT

mj11,

Yes, I named the outside interface "external".

Community Member

Re: ASA 5510 SecPlus NAT/PAT

Hi Richard

Are you able to post you config, Are you able to ping the device connected to the external interface?

Regards

Community Member

Re: ASA 5510 SecPlus NAT/PAT

Hi Richard,

you should have this configuration in your ASA

icmp permit any inside

icmp permit any echo inside

icmp permit any echo-reply inside

icmp permit any unreachable inside

icmp permit any external

icmp permit any echo external

icmp permit any echo-reply external

icmp permit any unreachable external

&

policy-map global_policy

class inspection_default

inspect icmp

Thanks

AP

310
Views
0
Helpful
4
Replies
CreatePlease to create content