Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping works from ASA to remote network but not from PCs behind ASA

We have a joint venture with a company who has started to take IT into their own hands. Unfortunately they still need access to many of our systems. They recently installed an ASA 5505 with their own internet connection. They are also connected to us via Sprint MPLS and a Cisco 2801 we have on site (10.0.1.1) I have a static route in the ASA directing any traffic for 192.168.1.0 to 10.0.1.1. Pinging works fine from the ASA but none of the PCs behind the ASA can ping anything in the 192.168.1.0 network. To get it to work I had to add a manual route add command on the Windows XP machine. The client PCs use the ASA as their default gateway so I would assume it would just know to forward any request for 192.168.1.0 to 10.0.1.1. I've attached the config for the ASA on site there. I'm thinking this might be something to do with NAT since when I try to ping from a PC that ASA spits out something about "no translation group...."

I appreciate any help.

4 REPLIES
New Member

Re: Ping works from ASA to remote network but not from PCs behin

I could be wrong but I think you need a NAT exception for traffic from the 10 network to the 192 network.

Try this:

access-list NONAT permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list NONAT

New Member

Re: Ping works from ASA to remote network but not from PCs behin

I'm curious if this worked since I have a similar problem routing to a second network on my inside interface.

Gold

Re: Ping works from ASA to remote network but not from PCs behin

either turn on icmp inspection, or explicity allow echo-reply traffic back in to the ping source.

New Member

Re: Ping works from ASA to remote network but not from PCs behin

Sorry about the lack of response. It looks like the way the remote technician setup the PC for me to access was on a separate network. I had assumed he had it on the same network as all the other PCs but apparently not, they were working normally. Thank you for the responses.

108
Views
0
Helpful
4
Replies
CreatePlease login to create content