Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT Issue

Hi Friends

Please guide me if my configuration is ok. I amnot able to ping the public ip throughthe ASA resulting in failure to login to the sip server.

I need to nat the inside network to outside.

Nat required between
88.55.164.10 to 101.164.50.50
88.55.164.11 to 101.164.50.25

Please note the version of ASA below:
Cisco Adaptive Security Appliance Software Version 8.4(7)
Device Manager Version 7.1(6)

I have configured as below

access-list 200 extended permit tcp any host 88.55.164.10
access-list 200 extended permit tcp any host 88.55.164.11
access-group 200 in interface outside

object network obj_sip-101.164.50.50
host 101.164.50.50
object network obj_sip_1-101.164.50.25
host 101.164.50.25

object network obj_sip-101.164.50.50
nat (inside,outside) static 88.55.164.10
object network obj_sip_1-101.164.50.25
nat (inside,outside) static 88.55.164.11
 

 

Regards,

Ahmed

 

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Green

At first glance you do not

At first glance you do not have any ACLs applied that allow access from the outside in.  You would need to add the following commands:

no access-list outside_access_in extended permit ip host 88.55.164.10 any

no access-list outside_access_in extended permit ip any host 88.55.164.10

access-list outside_access_in extended permit ip any host 101.164.50.25

access-list outside_access_in extended permit ip any host 101.164.50.50

access-group outside_access_in in interface outside

Keep in mind that you will now be allowing all traffic in to those hosts.  If possible it would be best to identify the exact ports that you need to have opened and only open for those ports.

Add these commands and then test.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
VIP Green

Thank you for the rating ☺

Thank you for the rating ☺
--

Please remember to rate and select a correct answer
6 REPLIES
New Member

Folks, please help me in

Folks, please help me in sorting this out as I need to settle this down today

VIP Green

When you are saying that you

When you are saying that you can not ping the public IP through the ASA, which IP are you trying to ping?

Are you able to ping the internet from any of those two servers (50.50 and 50.25)?

could you issue the following packet tracer on the ASA:

packet-tracer input inside tcp 101.164.50.25 12345 4.2.2.2 5060 detail

packet-tracer input inside tcp 101.164.50.50 12345 4.2.2.2 5060 detail

Could you please post the full ASA configuration (sanitised)? I feel it is easier to troubleshoot when seeing the whole picture.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

Hi Marius,Please check the

Hi Marius,

Please check the ASA config attached.

Also check the topology attached. I am trying to acheive the nat mentioned in the topology.

I am not able to launch the application if the user is connected from outside.

Regards,

Ahmed

 

VIP Green

At first glance you do not

At first glance you do not have any ACLs applied that allow access from the outside in.  You would need to add the following commands:

no access-list outside_access_in extended permit ip host 88.55.164.10 any

no access-list outside_access_in extended permit ip any host 88.55.164.10

access-list outside_access_in extended permit ip any host 101.164.50.25

access-list outside_access_in extended permit ip any host 101.164.50.50

access-group outside_access_in in interface outside

Keep in mind that you will now be allowing all traffic in to those hosts.  If possible it would be best to identify the exact ports that you need to have opened and only open for those ports.

Add these commands and then test.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

bingo, thank you so much.

bingo, thank you so much. resolved

VIP Green

Thank you for the rating ☺

Thank you for the rating ☺
--

Please remember to rate and select a correct answer
52
Views
5
Helpful
6
Replies
CreatePlease login to create content