I am new to Cisco Security. I am unable to access the inside network from outside of the ASA 5505.
My outside interface is connected to an L3 switch with no switchport, having IP address 172.16.50.1, and the ASA outside interface IP is 172.16.50.2. The inside interface IP is 10.29.50.250 and the internal network is 10.29.50.0/24. For testing I allowed all traffic from all interfaces. See NW design (IP may be wrong on this Visio).
I was able to ping all my networks from the ASA inside network, but once I try to reach the internal ASA network 10.228.50.0 it does not succeed. See the screenshot from a 10.227.0.0/21 client.
I am also annexing the ASA configuration for your kind review and apt solution.
You are using dynamic NAT for the inside network, which is always unidirectional. Traffic only gets translated when generated from an inside network. For outside people it always seems to be coming from the ASA outside interface IP address. You cannot generate traffic for a real inside IP address using dynamic NAT.
Either use static NAT (one-to-one mapping), or one solution is to use remote access VPN to get to the internal networks of the ASA, or remove NAT altogether if the IP addresses are routable.
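The behaviour described in the reply above, as an added example that is not part of the original thread or of any Cisco code: a toy model of a firewall translation table showing why dynamic NAT only admits return traffic, while a static identity mapping admits new inbound connections. The class and method names and the host 10.29.50.10 are constructed for illustration, and access rules are assumed to permit everything, as in the poster's test setup.

```python
import ipaddress


class Firewall:
    """Toy NAT model (assumption: not ASA code, access rules permit all)."""

    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.xlate = {}      # (outside_ip, mapped_port) -> (real_ip, real_port)
        self.static = []     # inside networks exposed on their real addresses
        self.next_port = 1024

    def add_static_identity(self, network):
        """Static one-to-one mapping of a network onto itself."""
        self.static.append(ipaddress.ip_network(network))

    def outbound(self, src_ip, src_port):
        """Inside host starts a flow: dynamic NAT creates a translation."""
        for mapped, real in self.xlate.items():
            if real == (src_ip, src_port):
                return mapped
        mapped = (self.outside_ip, self.next_port)
        self.next_port += 1
        self.xlate[mapped] = (src_ip, src_port)
        return mapped

    def inbound(self, dst_ip, dst_port):
        """Packet arriving on outside: inside (ip, port), or None if dropped."""
        if (dst_ip, dst_port) in self.xlate:
            return self.xlate[(dst_ip, dst_port)]      # return traffic
        if any(ipaddress.ip_address(dst_ip) in net for net in self.static):
            return (dst_ip, dst_port)                  # static mapping exists
        return None                                    # no translation: drop


def demo():
    fw = Firewall("172.16.50.2")
    mapped = fw.outbound("10.29.50.10", 40000)    # industrial host -> core
    reply = fw.inbound(*mapped)                   # core's reply is admitted
    unsolicited = fw.inbound("10.29.50.10", 443)  # core -> real inside IP
    fw.add_static_identity("10.29.50.0/24")
    after_static = fw.inbound("10.29.50.10", 443)
    return mapped, reply, unsolicited, after_static


if __name__ == "__main__":
    print(demo())
```
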
Thanks John & Poonam for your valuable input. Sorry for the delayed response as I was off.
John, our Industrial NW 10.29.50.0/24 is absolutely separate from our core NW 10.227.0.0/21. For a specific project we are required to connect a few of our industrial clients to our EDC servers to fetch and negotiate performance data. That requires two-way communication. Communication from the inside NW 10.29.50.0 is absolutely fine (see trace.png), but once I try to reach 10.29.50.0 from the core NW 10.227.0.0 it will not allow it (see erro.png), where the outside interface got a response but the inside interface didn't.
I did try to apply your mentioned command nat (inside,outside) 172.16.50.0 10.29.50.0 255.255.255.0 but it gives an error (see nat_error), but static (inside,outside) can be applied (see Static.png), but still I am unable to get a response from the inside NW. If you deem it useful I can share my core NW design and details, which may help all of you to help me out of this situation.