Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
3
Replies

ASA5540 NAT Problem

IT_Data_CorporateNet
Level 1
Level 1

‎04-04-2008 12:27 AM - edited ‎03-09-2019 08:26 PM

I'm setting up ASA5540 to replace PIX525. I have a problem, traffic is not flowing from the DMZ to Outside interface. I enabled ping from the outside interface to dmz and debugged icmp trace. This is what i found, "ICMP echo request untranslating Outside:172.18.124.3 to DMZ:exchange

ICMP echo request from Outside:172.18.124.1 to DMZ:172.18.124.3 ID=1024 seq=24576 len=32"

Simply, there was no reply from the DMZ. And when i ping from DMZ to Outside, i dont see any traffic passing in ASA. Please help as my emails are not going out. Attached is my configuration file.

Labels:
Preview file
10 KB
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎04-04-2008 06:25 AM

You need to allow icmp in your outside and dmz access lists. Also, you are only allowing your exchange server to smtp to 172.16.0.0.

0 Helpful

IT_Data_CorporateNet
Level 1
Level 1
In response to acomiskey

‎04-04-2008 07:07 AM

Sorry that config is rather old, i have this access list in my current config.

access-list outside_access_dmz extended permit icmp any host 172.18.124.3

but still i get the same.

0 Helpful

chickman
Level 1
Level 1
In response to IT_Data_CorporateNet

‎04-04-2008 07:38 AM

I looked at your config and was extremely confused at what you're trying to accomplish. But, I only glanced at it and not trying to construct your network.

My suggestions, albeit a novice one, would be to add ICMP to your inspection. As far as the connectivity, I'm hard pressed to find what you're doing with the IP scheme and your nat0.

Sorry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents