03-05-2014 12:12 PM - edited 03-11-2019 08:54 PM
Hi Everyone,
Need to understand logs below
Mar 04 2014 21:58:27: %ASA-6-302020: Built inbound ICMP connection for faddr 10.0.0.52/1(LOCAL\ipsec-user) gaddr 192.168.50.1/0 laddr 192.168.50.1/0 (ipsec-user )
Mar 04 2014 21:58:28: %ASA-6-302021: Teardown ICMP connection for faddr 10.0.0.52/1(LOCAL\ipsec-user) gaddr 192.168.50.1/0 laddr 192.168.50.1/0 (ipsec-user) Mar 04 2014 21:58:27:
I am pinging from PC IP 10.0.0.52 connected to ASA using Remote VPN to IP 192.168.50.1.
IP 192.168.50.1 is connected to inside interface of ASA.
As per the logs, I can say 10.0.0.52 is the foreign address?
When the ping comes from IP 10.0.0.52, it gets translated to global address 192.168.50.1?
Then again it's translated to local address 192.168.50.1?
Regards
Mahesh
03-05-2014 12:43 PM
Mahesh
faddr = foreign address = your PC 10.0.0.52
gaddr = global address = the IP the real IP has been changed to with NAT (if it has)
laddr = local address = the real IP
Note in this case the global and the local are the same address.
Jon
03-05-2014 02:49 PM
Hi Jon,
I have below NAT Exempt config
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static NETWORK_OBJ_10.0.0.0_25 NETWORK_OBJ_10.0.0.0_25 no-proxy-arp route-lookup
So when you say
gaddr = global address = the IP the real IP has been changed to with NAT (if it has)
So as I have NAT exempt from inside to outside. As per my logs in the original post, traffic is coming from the outside to inside, so in this no address is changed?
So I can say that Global address=192.168.50.1=Real IP=Local address?
The second thing I need to know is: my NAT exempt is the 10.0.0.0 subnet for inside to outside, but here I am coming from source IP 10.0.0.52 going to IP 192.168.50.1 from outside, so how does NAT exempt work here?
Regards
Mahesh
03-05-2014 02:57 PM
Mahesh
So as I have NAT exempt from inside to outside. As per my logs in the original post, traffic is coming from the outside to inside, so in this no address is changed?
Yes, no NAT translation is done because you don't have a NAT translation for that specific traffic.
So I can say that Global address=192.168.50.1=Real IP=Local address?
Yes, the local IP is the same as the global IP because again you are not translating this address.
Jon
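The faddr/gaddr/laddr reading discussed in this thread, as an added example that is not part of any post: a small Python parser for the 302020/302021 ICMP lines that flags whether NAT changed the address (gaddr differs from laddr). The function names are hypothetical, the regex covers only the field layout seen in the two log lines above, and the third sample line is constructed.

```python
import re

# First two lines are copied from the original post. The third line is
# constructed (198.51.100.10 is a made-up global address) to show NAT applied.
SAMPLE_LOGS = r"""
Mar 04 2014 21:58:27: %ASA-6-302020: Built inbound ICMP connection for faddr 10.0.0.52/1(LOCAL\ipsec-user) gaddr 192.168.50.1/0 laddr 192.168.50.1/0 (ipsec-user )
Mar 04 2014 21:58:28: %ASA-6-302021: Teardown ICMP connection for faddr 10.0.0.52/1(LOCAL\ipsec-user) gaddr 192.168.50.1/0 laddr 192.168.50.1/0 (ipsec-user)
Mar 04 2014 22:01:10: %ASA-6-302020: Built inbound ICMP connection for faddr 10.0.0.52/1 gaddr 198.51.100.10/0 laddr 192.168.50.1/0
""".strip().splitlines()

# faddr = foreign address, gaddr = global (post-NAT) address, laddr = local (real) address.
ICMP_CONN = re.compile(
    r"%ASA-6-(?P<msgid>302020|302021): (?P<event>Built|Teardown)"
    r"(?: (?P<direction>inbound|outbound))? ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/\d+(?:\((?P<user>[^)]*)\))? "
    r"gaddr (?P<gaddr>[\d.]+)/\d+ "
    r"laddr (?P<laddr>[\d.]+)(?:/\d+)?"
)


def parse_icmp_conn(line):
    """Return the address fields of one ICMP build/teardown line, or None."""
    m = ICMP_CONN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Same global and local address means no translation was applied.
    rec["translated"] = rec["gaddr"] != rec["laddr"]
    return rec


def summarize(lines):
    """Parse every matching line and skip anything that is not 302020/302021."""
    return [r for r in map(parse_icmp_conn, lines) if r is not None]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOGS):
        nat = "NAT applied" if r["translated"] else "no NAT (gaddr == laddr)"
        print(f'{r["msgid"]} {r["event"]:8} faddr={r["faddr"]} '
              f'gaddr={r["gaddr"]} laddr={r["laddr"]} user={r["user"]} -> {nat}')
```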
03-05-2014 05:43 PM
Hi Jon,
Many thanks for clearing all my doubts; now I have a better understanding of the concept.
Best Regards
Mahesh