12-11-2007 02:00 AM - edited 03-11-2019 04:41 AM
Hi,
I have an ASA5505 at the remote end (IP base) with a server in the DMZ. DMZ is 10.102.1.0/24 and LAN is 172.16.0.0/16.
I have created a site to site tunnel from our network and can connect to 172.16.0.0/16 fine. I have also added to the crypto map to pass 10.102.1.0/24 traffic down the tunnel. I have also permitted outside - inside traffic to the DMZ from my LAN subnet.
I still can't ping the DMZ from my LAN - is this possible or am I missing something?
Thanks
12-11-2007 02:20 AM
You should add conditional exempt NAT rules.
Remote ASA:
access-list dmz_nat0_outbound permit ip 10.102.1.0 255.255.255.0 yourlocallan netmask
nat (DMZ) 0 access-list dmz_nat0_outbound
Your ASA:
access-list inside_nat0_outbound permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound permit ip yourlocallan netmask 10.102.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-list outside_xxx_cryptomap permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list outside_xxx_cryptomap permit ip locallan netmask 10.102.1.0 255.255.255.0
Regards
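Added example, not part of the original thread or any poster's configuration: a small Python check that every source/destination pair in a crypto map ACL is also covered by a `nat 0` exemption ACL, which is the gap the answer above points out. The sample config is constructed; 192.168.10.0/24 stands in for the "yourlocallan" placeholder and the ACL name `outside_1_cryptomap` is an assumption.

```python
import ipaddress
import re

# Only "permit ip <net> <mask> <net> <mask>" entries are parsed (no host/any/object-group).
ACE = re.compile(r"access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")
CRYPTO = re.compile(r"crypto map \S+ \d+ match address (\S+)$")

# Constructed sample of the remote ASA before the fix. 192.168.10.0/24 is an
# assumed stand-in for the thread's "yourlocallan"; ACL names are illustrative.
BEFORE = """\
access-list outside_1_cryptomap permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list outside_1_cryptomap permit ip 10.102.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 1 match address outside_1_cryptomap
"""
# The two remote-ASA lines from the answer, with the same stand-in subnet.
AFTER = BEFORE + """\
access-list dmz_nat0_outbound permit ip 10.102.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (DMZ) 0 access-list dmz_nat0_outbound
"""

def parse(config):
    """Return (acl name -> [(src, dst)], nat0 ACL names, crypto ACL names)."""
    acls, nat0, crypto = {}, set(), set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, []).append(pair)
        elif m := NAT0.match(line):
            nat0.add(m.group(2))
        elif m := CRYPTO.match(line):
            crypto.add(m.group(1))
    return acls, nat0, crypto

def missing_nat_exemptions(config):
    """List crypto-ACL (src, dst) pairs that no nat 0 ACL entry covers."""
    acls, nat0, crypto = parse(config)
    exempt = [pair for name in nat0 for pair in acls.get(name, [])]
    return [(str(src), str(dst))
            for name in sorted(crypto) for src, dst in acls.get(name, [])
            if not any(src.subnet_of(e_src) and dst.subnet_of(e_dst)
                       for e_src, e_dst in exempt)]

if __name__ == "__main__":
    print("before:", missing_nat_exemptions(BEFORE))
    print("after: ", missing_nat_exemptions(AFTER))
```

The check compares subnets only; it does not confirm that each `nat (interface) 0` rule is bound to the interface that actually owns the source subnet, so that still needs a manual look.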
12-11-2007 02:27 AM
Thanks a lot - totally forgot about that step!
Many thanks
Rob
12-11-2007 02:22 AM
Hi
Could you just elaborate on the topology? When you say you can't ping the DMZ from your LAN, is this the same LAN as 172.16.0.0/16 or is this the remote network?
Jon