cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
591
Views
5
Helpful
6
Replies

NAT Issue

syedhashmi455
Level 1
Level 1

Hi Friends

Please guide me if my configuration is ok. I amnot able to ping the public ip throughthe ASA resulting in failure to login to the sip server.

I need to nat the inside network to outside.

Nat required between
88.55.164.10 to 101.164.50.50
88.55.164.11 to 101.164.50.25

Please note the version of ASA below:
Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(6)

I have configured as below

access-list 200 extended permit tcp any host 88.55.164.10
access-list 200 extended permit tcp any host 88.55.164.11
access-group 200 in interface outside

object network obj_sip-101.164.50.50
host 101.164.50.50
object network obj_sip_1-101.164.50.25
host 101.164.50.25

object network obj_sip-101.164.50.50
nat (inside,outside) static 88.55.164.10
object network obj_sip_1-101.164.50.25
nat (inside,outside) static 88.55.164.11
 

 

Regards,

Ahmed

 

2 Accepted Solutions

Accepted Solutions

At first glance you do not have any ACLs applied that allow access from the outside in.  You would need to add the following commands:

no access-list outside_access_in extended permit ip host 88.55.164.10 any

no access-list outside_access_in extended permit ip any host 88.55.164.10

access-list outside_access_in extended permit ip any host 101.164.50.25

access-list outside_access_in extended permit ip any host 101.164.50.50

access-group outside_access_in in interface outside

Keep in mind that you will now be allowing all traffic in to those hosts.  If possible it would be best to identify the exact ports that you need to have opened and only open for those ports.

Add these commands and then test.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Thank you for the rating ☺
--
Please remember to select a correct answer and rate helpful posts

View solution in original post

6 Replies 6

syedhashmi455
Level 1
Level 1

Folks, please help me in sorting this out as I need to settle this down today

When you are saying that you can not ping the public IP through the ASA, which IP are you trying to ping?

Are you able to ping the internet from any of those two servers (50.50 and 50.25)?

could you issue the following packet tracer on the ASA:

packet-tracer input inside tcp 101.164.50.25 12345 4.2.2.2 5060 detail

packet-tracer input inside tcp 101.164.50.50 12345 4.2.2.2 5060 detail

Could you please post the full ASA configuration (sanitised)? I feel it is easier to troubleshoot when seeing the whole picture.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

Please check the ASA config attached.

Also check the topology attached. I am trying to acheive the nat mentioned in the topology.

I am not able to launch the application if the user is connected from outside.

Regards,

Ahmed

 

At first glance you do not have any ACLs applied that allow access from the outside in.  You would need to add the following commands:

no access-list outside_access_in extended permit ip host 88.55.164.10 any

no access-list outside_access_in extended permit ip any host 88.55.164.10

access-list outside_access_in extended permit ip any host 101.164.50.25

access-list outside_access_in extended permit ip any host 101.164.50.50

access-group outside_access_in in interface outside

Keep in mind that you will now be allowing all traffic in to those hosts.  If possible it would be best to identify the exact ports that you need to have opened and only open for those ports.

Add these commands and then test.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

bingo, thank you so much. resolved

Thank you for the rating ☺
--
Please remember to select a correct answer and rate helpful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: