Solved: ASA 5510 8.3 Inter-Vlan routing with NAT

philcisco2 · ‎07-10-2012

Hello,

I have found multiple solutions to this question for < 8.2 but no solutions for the new way the ASA does nat statments

Basically i have multiple VLAN's and i need 2 of them to communicate

inside - 192.168.1.0/24 ( security-level 100 )

voice - 192.168.100.0/24 ( security-level 100 )

Error i am getting is:

192.168.1.100 192.168.100.100 Deny inbound icmp src inside:192.168.1.100 dst Voice:192.168.100.100 (type 8, code 0)

When trying to ping from 192.168.1.100 to 192.168.100.100

I know what has to happen is i need 2 static nat statements to route the information from one subnet to the other. problem is i can't seam to generate the right statments.

I have come up with:

object network obj_nat_voice_to_inside

subnet 192.168.1.0 255.255.255.0

nat (inside,Voice) static interface

object network obj_nat_inside_to_voice

subnet 192.168.100.0 255.255.255.0

nat (Voice,inside) static interface

They are not working i know there is something wrong just can't figure it out

I have found multiple examples for the old style nat statments to resolve this issue but none on the new style.

can someone give me a hand with this?

Thanks in advnace!

Edison Ortiz · ‎07-10-2012

I suggest reposting in the security section of this forum.

Regards,

Edison

View solution in original post

Edison Ortiz · ‎07-10-2012

I suggest reposting in the security section of this forum.

Regards,

Edison

philcisco2 · ‎07-10-2012

Thanks,

Re-posted:

https://supportforums.cisco.com/thread/2159204

philcisco2 · ‎07-10-2012

correct answer is in the post:

https://supportforums.cisco.com/message/3679917#3679917