This router has an Isdn access to a central site using a Bri interface (wic-1b-s/t-v3).
The router has the following IOS: c2800nm-spservicesk9-mz.123-8.T8.bin.
This same router has an Internet access using an Adsl interface and at same time has an Isdn access to a customer, a client. Behind this router I have a firewall, an ASA5520.
The configuration can be seen in one file attached to this.
The problem is like this,
In the ASA, the traffic that goes to the outside is nated with the ip address of the outside interface.
In the router, the traffic that goes to the internet are not nated, but the traffic to the customer has to be nated (the client asked to be like this) with the ip address of the Isdn connection.
If I make a connection test (a âpingâ) to the client internal network, from the ASA. I have no success. But if I do the same test in the router (with source in the internal interface of the router) I have success.
What I can see is that the packets are coming from the ASA and are going to the router internal interface. In the router they are nated and then are sent to the bri interface.
They are then sanded to the client internal network.
The replay to the âpingâ is then sanded to my router (c2811), and I can still see this coming to my Bri interface.
The traffic, I mean, the destination ip address of the traffic is then translated to the ip address of the outside interface of the ASAâ¦
This last thing should be happening, but it's not.
Almost the times I don't succeed in âpingingâ the internal network of the client.
What I have in the ASA is:
ping outside 10.10.10.4 repeat 15
Type escape sequence to abort.
Sending 15, 100-byte ICMP Echos to 10.10.10.4, timeout is 2 seconds:
Success rate is 6 percent (1/15), round-trip min/avg/max = 310/310/310 ms
Your issue is a bit confusing but if I understand correctly, when you ping through the ASA to the network connected via ISDN to corp you are referring to the "client internal network" in your post and that is what's not working...
If so, I think the problem is with your natting in general.
If you want to nat to some destinations and not others you should make your nat rule more specific..
Something like this
interface fast 0/0
ip nat inside
int dialer 1
ip nat outside
ip nat inside source list 101
access-list 101 permit ip (source ip of firewall destination)[because you're natting all traffic to this address coming out of the firewall right?] (customer)network
access-list 101 deny ip any any
This last statement says don't nat anything else....
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...