02-26-2008 09:23 AM - edited 03-11-2019 05:09 AM
I recently took over this new firewall to manage from another person who is no longer with the company. For some reason, when I created a new NAT and applied a simple ACL, the ASA blocks it with the implicit deny rule.
I can't seem to understand why that would be. I've set up this type of thing many times without issues.
Anyone have any ideas?
Thanks,
Harmeet
I've attached the running config for some reference. The NAT in question is XXX.XXX.XXX.54 with the corresponding ACL, acl_out line
02-26-2008 03:55 PM
Add the line:
access-list inside_access_out line 1 permit ip any host 10.1.1.201
It should work.
02-27-2008 08:33 AM
Thanks. Unfortunately it didn't work.
I checked that rule in the ASDM packet tracer and it worked well, but in reality it didn't.
So I checked the packet tracer for the entry you just asked me to put in. It is being stopped by the NAT.
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 3, untranslate_hits = 0
So, I guess I now have to look into why the global statement for this NAT is not there.
Any suggestions?
Harmeet
02-28-2008 12:19 PM
Harmeet, can you get the following for me:
1) sh xlate det | inc x.x.x.x
2) debug icmp trace and logs at debug level