traffic between same sec-level interfaces on ASA and NAT issue
I'm having a little problem with getting traffic to flow out of a 3rd interface on my Cisco ASA.
I have my networks set up like this.
inside (sec-100) - internal LAN
outside (sec-0) - public / internet
WAN (sec-100) - Ethernet link to MPLS network to remote offices (ISP assigned private address)
OK, so I'm getting confused with my NAT rules here. The routing is fine. The IP scheme of the network is as follows.
10.216.12.x /24 - inside
203.x.x.x /30 - outside
10.226.x.x /30 - WAN
10.226.x.x /30 - WAN interface at remote sites
Inside interfaces at remote sites: 10.216.x.0 /24 (x being different numbers). Each router has static routes (10.216.x.0 /24) to each other's WAN interface.
All sites can route between one another fine.
I can ping from the ASA out of the WAN interface to any device, although when trying to make connections to hosts using VNC for example, I will see these debug errors.
6 Dec 17 2007 16:09:01 305011 10.216.12.145 10.224.33.146 Built dynamic TCP translation from inside:10.216.12.145/2598 to TMP-WAN(inside_nat_outbound):10.224.33.146/1027
6 Dec 17 2007 16:09:01 302013 10.216.12.145 10.216.32.101 Built inbound TCP connection 663 for inside:10.216.12.145/2598 (10.224.33.146/1027) to TMP-WAN:10.216.32.101/5900 (10.216.32.101/5900)
6 Dec 17 2007 16:09:06 305012 10.216.12.145 10.216.12.222 Teardown dynamic TCP translation from inside:10.216.12.145/2596 to inside(inside_nat_outbound):10.216.12.222/1134 duration 0:01:00
6 Dec 17 2007 16:09:06 305012 10.216.12.145 10.216.12.222 Teardown dynamic TCP translation from inside:10.216.12.145/2597 to inside(inside_nat_outbound):10.216.12.222/1135 duration 0:01:00
I am guessing a NAT issue. Can someone clarify what NAT rules I should have on the 3 interfaces and show examples, because I really suck with NAT commands and get confused easily.
I used ASDM to set this router up, and now there's a bunch of random ACLs I can see in the config which I am not sure what they are doing there. Here is relevant config, can someone please advise what could be stopping traffic across the WAN link (but allowing ping)?
Note: 10.216.132.x, 136.x and 140.x are site-to-site VPNs, if anyone is wondering why they are in there.
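As an added example (not from the post, Cisco, or ASDM), a small Python parser for the ASDM-style syslog lines quoted above: it reads the 305011/305012 dynamic translation and 302013 connection messages, lists every dynamic translation built toward an interface other than the internet-facing one, and joins each to the connection that used it. The sample log lines are the four from the post; that the internet-facing interface is named "outside" is an assumption taken from the interface list above.

```python
import re

# Constructed sample: the four ASDM syslog lines quoted in the post above.
SAMPLE_LOG = """\
6 Dec 17 2007 16:09:01 305011 10.216.12.145 10.224.33.146 Built dynamic TCP translation from inside:10.216.12.145/2598 to TMP-WAN(inside_nat_outbound):10.224.33.146/1027
6 Dec 17 2007 16:09:01 302013 10.216.12.145 10.216.32.101 Built inbound TCP connection 663 for inside:10.216.12.145/2598 (10.224.33.146/1027) to TMP-WAN:10.216.32.101/5900 (10.216.32.101/5900)
6 Dec 17 2007 16:09:06 305012 10.216.12.145 10.216.12.222 Teardown dynamic TCP translation from inside:10.216.12.145/2596 to inside(inside_nat_outbound):10.216.12.222/1134 duration 0:01:00
6 Dec 17 2007 16:09:06 305012 10.216.12.145 10.216.12.222 Teardown dynamic TCP translation from inside:10.216.12.145/2597 to inside(inside_nat_outbound):10.216.12.222/1135 duration 0:01:00
"""

# ASDM prefix: severity, timestamp, message id, source and destination IP, then the message text.
HEAD_RE = re.compile(r"^(\d) (?P<ts>\w{3} +\d{1,2} \d{4} \d\d:\d\d:\d\d) (?P<msgid>\d{6}) [\d.]+ [\d.]+ (?P<text>.*)$")
# 305011 / 305012: dynamic translation built or torn down.
XLATE_RE = re.compile(
    r"(?P<event>Built|Teardown) dynamic (?P<proto>\w+) translation from "
    r"(?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[\w-]+)\((?P<pool>[\w-]+)\):(?P<map_ip>[\d.]+)/(?P<map_port>\d+)")
# 302013: TCP connection built; the mapped address/port follows the original in parentheses.
CONN_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) TCP connection (?P<conn_id>\d+) for "
    r"(?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \((?P<map_ip>[\d.]+)/(?P<map_port>\d+)\) to "
    r"(?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)")

def parse_asa_line(line):
    """Parse one ASDM-style line into a dict; None for message ids this parser does not know."""
    head = HEAD_RE.match(line.strip())
    if not head:
        return None
    kind = {"305011": "xlate", "305012": "xlate", "302013": "conn"}.get(head["msgid"])
    body = (XLATE_RE if kind == "xlate" else CONN_RE).search(head["text"]) if kind else None
    if not body:
        return None
    return {"ts": head["ts"], "msgid": head["msgid"], "kind": kind, **body.groupdict()}

def pat_not_toward(log, internet_if="outside"):
    """Dynamic translations toward any interface other than the internet-facing one (assumed to
    be 'outside'), each joined to the 302013 connection that used it, if one is logged.
    Returns (src_if, dst_if, original, mapped, pool, 'conn_id->destination' or None) tuples."""
    xlates = {}  # original source ip/port -> index into hits
    hits = []
    for line in log.splitlines():
        rec = parse_asa_line(line)
        if not rec:
            continue
        key = (rec["src_ip"], rec["src_port"])
        if rec["kind"] == "xlate" and rec["dst_if"] != internet_if:
            xlates[key] = len(hits)
            hits.append([rec["src_if"], rec["dst_if"], f"{rec['src_ip']}/{rec['src_port']}",
                         f"{rec['map_ip']}/{rec['map_port']}", rec["pool"], None])
        elif rec["kind"] == "conn" and key in xlates:
            hits[xlates[key]][5] = f"{rec['conn_id']}->{rec['dst_ip']}/{rec['dst_port']}"
    return [tuple(h) for h in hits]
```

Run against the four quoted lines, the first tuple shows the VNC attempt from inside being PATed to 10.224.33.146 on its way to TMP-WAN, which is the translation to examine when ping works across a same-security link but TCP sessions do not.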