Why i could not ping (icmp) after changing the NAT public ip address
Hi there! i've a ASA 5510, with several interfaces. I've a public IP address 126.96.36.199 on interface Ethernet0, it is configured as outside
INSIDE interface is on ethernet 1, and has ip address 192.168.1.1/24
i've allowed internet access from intenal user to external, and i use dynamic nat, and the translated IP address is IP address of interface Ethernet0 188.8.131.52.
In this moment, the internal user could browse normally to internet (http, https, ftp etc...) also could use icmp to test public internet addresses like 184.108.40.206 of google for example.
but, from ISP, i've some other IP addresses (220.127.116.11 up to 18.104.22.168)
and when i make an inside host, let say 192.168.1.8, with dynamic nat to Public IP address 22.214.171.124, the internal host could not ping anymore outside hosts, but have normal internet connection. When i see the public IP of this host (using www.whatismyip.com) it shows correctly the IP 126.96.36.199 Why this happen? and how to fix this issues?
Why i could not ping (icmp) after changing the NAT public ip add
The above ASDM "packet-tracer" doesnt really correspond to what I was asking above.
The ICMP type/code used in the "packet-tracer" is wrong and is most probably the reason it results in a drop.
The "packet-tracer" command used on the CLI of the ASA is a lot clearer output than using the ASDM.
The situation/problem would be a lot more clearer if either you didnt have ICMP Inspection enabled which seems to be enabled or if no other connections would either work from the hosts using the other NAT IP address.
Could you use the original "packet-tracer" I used on the CLI and copy/paste the output here. Naturally you should change any public IP address visible in the output.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...