Cisco Support Community

ASA - NAT rule problem

Hi Guys

I have a DMZ and a Clientnetwork in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.

I have created a NAT rule as follows

interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP

I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule, or am I missing something?

Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.

Your help would be much appreciated

Kind Regards

Ridha


ASA - NAT rule problem

Can you share the following outputs:

show run nat

show run static

show run global

show ip

This would help me.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC

ASA - NAT rule problem

Hi Varun

Please find outputs below

nat (dmzdata) 0 access-list ALLRAS

nat (AHdata) 0 access-list ALLRAS

nat (AHdata) 1 10.0.1.0 255.255.255.0

nat (dmzAHmgmt) 0 access-list ALLRAS

nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0

nat (AHmgmt) 0 access-list ALLRAS

nat (AHmgmt) 1 10.1.1.0 255.255.255.0

asa-L# sh run static

static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255

static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255

global (dmzdata) 1 interface

global (AHdata) 1 interface

global (dmzmgmt) 1 interface

global (AHmgmt) 1 interface

System IP Addresses:

Interface                Name                   IP address      Subnet mask                                               Method

GigabitEthernet0/0       dmzdata                x            255.255.255.0                                             CONFIG

GigabitEthernet0/1       AHdata                 x            255.255.255.0                                             manual

GigabitEthernet0/2       dmzmgmt                x            255.255.255.0                                             CONFIG

GigabitEthernet0/3       folink                 x            255.255.255.0                                           unset

Management0/0            AHmgmt                 x            255.255.255.0                                             CONFIG


ASA - NAT rule problem

Hi there

Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.

I can see this from the syslog, and this suggests I need to enable or add something in the ACL as well as the NAT rule?
