Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - NAT - VLANS

I want to start by thanking everyone for taking the time to ready this. We currently have a Fortigate firewall in place. We have multiple VLANS seperating our voip phone system from the rest of our traffic, and we also seperate out our guest wireless network. We just bought an ASA 5540. I have setup ASA's before and I seem to always miss one little detail and Im so mad at myself when I contact the TAC and they fix it within mins. So hopefully someone here can help me. I can ping the internal interface but nothing past that from the inside.

5 REPLIES
Gold

Re: ASA - NAT - VLANS

try removing all of your icmp acl's and access-group commands.

instead try turning on icmp inspection globally:

policy-map global_policy

class inspection_default

inspect icmp

New Member

Re: ASA - NAT - VLANS

I should have been more detailed on my problem. It isnt just ICMP that is not getting from the inside to the rest of the world. Its everything. I know my default route is right because Im able to ping the outside interface from a machine out on the web.

Re: ASA - NAT - VLANS

are the interface names in the nat statement correct. I don't see an ip-address assigned to interface named as Inside.

global (Outside) 1 interface

nat (Inside) 1 0.0.0.0 0.0.0.0 outside

New Member

Re: ASA - NAT - VLANS

do I have to add the Nat (Interface) 1 0.0.0.0 0.0.0.0 outside for each Vlan?

Re: ASA - NAT - VLANS

nat (Internal) 1 0.0.0.0 0.0.0.0

nat (Vlan_Phones) 1 0.0.0.0 0.0.0.0

global (Outside) 1 interface

222
Views
0
Helpful
5
Replies