New Member

NAT doesn't work when request coming from inside

Hi All,

Could really use some help configuring my ISA570W for NAT configuration.

Here's what I've done so far from the web UI:

1. Created 3 VLANs

     - VLAN10, 192.168.1.1/24, DHCP enabled, LAN zone

     - VLAN20, 192.169.1.1/24, DHCP disabled, LAN zone

     - VLAN30, 192.170.1.1/24, DHCP disabled, DMZ zone

2. Assigned GE2 to VLAN10, VLAN20, DEFAULT as trunk and connected it to a Catalyst 2950 switch

3. Assigned GE6-9 to VLAN30, and left the rest of the GE to DEFAULT VLAN.

4. Created a static NAT from WAN 202.72.X.X to private IP in VLAN30, 192.170.1.2

5. Created an ACL entry to permit access from zone WAN to DMZ, any source, any service

6. Created an ACL entry to permit access from zone LAN to DMZ, any source, any service

7. Created an ACL entry to permit access from zone DMZ to LAN, any source, any service

Now, if I try accessing 202.72.X.X from my cellphone modem, it works great; the packets are received OK by the private IP server (192.170.1.2).

But if I try accessing 202.72.X.X from my laptop connected to VLAN10 or VLAN20, the packets only go as far as the firewall; they never reach the private IP server. I tried PING, but it was answered by the ISA570W, not by my private IP server.

What am I missing?

1 ACCEPTED SOLUTION

Accepted Solutions

NAT doesn't work when request coming from inside

Hello Admin,

Glad to see that I could help,

Please mark the question as answered

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
4 REPLIES

NAT doesn't work when request coming from inside

Hello,

The NAT statement is from vlan 30 to WAN

In this case you are trying to access it from Vlan 10 and 20, so

1- You will need to access the box via the Private IP address

or

2- Create a NAT from vlan 30 to vlan 10 and 20.

Do you follow me?

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

NAT doesn't work when request coming from inside

Hi Julio,

First off, thanks for answering my inquiry.

But, I need your help again for option-2. Create a NAT from vlan 30 to vlan 10 and 20.

How do I do that? Which menu is it from the web UI? Is it static NAT or Advanced NAT?

I think static NAT only allows source from WAN.

Thanks again

Lutfi

New Member

NAT doesn't work when request coming from inside

Found the answer here:

http://www.cisco.com/en/US/docs/security/small_business_security/isa500/technical_reference/nat/isa500_NAT_appnote.pdf

I need to configure NAT hairpinning (loopback) to allow an inside host to access my server using its public IP (202.72.x.x).

Thanks Julio for the input
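The behaviour discussed in this thread, as an added example that is not part of the original posts and is not ISA500 code: a simplified Python model of destination NAT matched by ingress zone, showing why a WAN-only static NAT leaves LAN clients talking to the firewall itself and what a hairpin rule changes. It goes slightly beyond the thread by also checking when hairpinning additionally needs source NAT. Assumptions: `203.0.113.10` is a placeholder for the elided 202.72.X.X, the firewall owns that address on its WAN interface, and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PUBLIC_IP = ip_address("203.0.113.10")  # placeholder for the elided 202.72.X.X
SERVER_IP = ip_address("192.170.1.2")   # DMZ server from the thread (VLAN30)
FIREWALL_ADDRS = {PUBLIC_IP}            # assumption: firewall owns the public IP

@dataclass(frozen=True)
class DnatRule:
    in_zone: str      # zone the packet must arrive from for the rule to apply
    public: object    # destination address to match
    private: object   # address it is rewritten to

@dataclass(frozen=True)
class Packet:
    in_zone: str
    src: object
    dst: object

def route(packet, rules):
    """Apply the first matching DNAT rule; return (outcome, resulting packet)."""
    for rule in rules:
        if packet.in_zone == rule.in_zone and packet.dst == rule.public:
            return "forward-to-DMZ", Packet(packet.in_zone, packet.src, rule.private)
    # No rule matched: a packet addressed to the firewall is handled locally,
    # which is why the ping in the thread was answered by the firewall.
    if packet.dst in FIREWALL_ADDRS:
        return "answered-by-firewall", packet
    return "routed", packet

def needs_source_nat(client, server, prefix_len=24):
    """Source NAT is only required when client and server share a subnet,
    because the server would then reply directly and bypass the firewall."""
    return client in ip_network(f"{server}/{prefix_len}", strict=False)

# Constructed rule sets: the thread's static NAT, then the same plus a hairpin rule.
STATIC_ONLY = [DnatRule("WAN", PUBLIC_IP, SERVER_IP)]
WITH_HAIRPIN = STATIC_ONLY + [DnatRule("LAN", PUBLIC_IP, SERVER_IP)]

# Constructed sample packets: an Internet client and a VLAN10 laptop.
WAN_PKT = Packet("WAN", ip_address("198.51.100.7"), PUBLIC_IP)
LAN_PKT = Packet("LAN", ip_address("192.168.1.50"), PUBLIC_IP)

if __name__ == "__main__":
    for name, rules in (("static only", STATIC_ONLY), ("with hairpin", WITH_HAIRPIN)):
        for pkt in (WAN_PKT, LAN_PKT):
            outcome, out = route(pkt, rules)
            print(f"{name:13} {pkt.in_zone}: {pkt.src} -> {out.dst} [{outcome}]")
    print("SNAT needed for VLAN10 client:", needs_source_nat(LAN_PKT.src, SERVER_IP))
```

Because the clients (VLAN10/VLAN20) and the server (VLAN30) sit in different subnets, replies already return through the firewall, so the model reports that no source NAT is needed for this topology.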
