I have a DMZ and a Clientnetwork in place. I require that my proxy servers in the DMZ be able to authenticate with my LDAP server in the Clientnetwork.
I have created a NAT rule as follows:
interface (clientNetwork) Ldap Server >> Interface (DMZ) Translated IP
I would expect that my proxy server would then be able to ping the translated IP, but this is not the case. Do I also need to create an access rule, or am I missing something?
Apologies if this question is a simple one, but I am new to Cisco ASAs and slowly getting by.
Your help would be much appreciated.
Please find outputs below:
nat (dmzdata) 0 access-list ALLRAS
nat (AHdata) 0 access-list ALLRAS
nat (AHdata) 1 10.0.1.0 255.255.255.0
nat (dmzAHmgmt) 0 access-list ALLRAS
nat (dmzAHmgmt) 1 10.1.2.0 255.255.255.0
nat (AHmgmt) 0 access-list ALLRAS
nat (AHmgmt) 1 10.1.1.0 255.255.255.0
asa-L# sh run static
static (dmzdata,AHmgmt) 10.1.1.37 ProxyVIP netmask 255.255.255.255
static (AHdata,dmzdata) 192.168.9.9 macserver netmask 255.255.255.255
global (dmzdata) 1 interface
global (AHdata) 1 interface
global (dmzmgmt) 1 interface
global (AHmgmt) 1 interface
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 dmzdata x 255.255.255.0 CONFIG
GigabitEthernet0/1 AHdata x 255.255.255.0 manual
GigabitEthernet0/2 dmzmgmt x 255.255.255.0 CONFIG
GigabitEthernet0/3 folink x 255.255.255.0 unset
Management0/0 AHmgmt x 255.255.255.0 CONFIG
Just to add, it appears a ping request from the proxy server is being denied by the ACL on the ASA.
I can see this from the syslog, which suggests I need to enable or add something in the ACL as well as the NAT rule?
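The access rule the post asks about, sketched as an added example (not part of the original post and not the poster's configuration). It uses the pre-8.3 syntax seen in the output above, where an interface ACL matches the translated address. Assumptions: the ACL name DMZ_IN and the proxy address 192.168.1.10 are hypothetical, and macserver (mapped to 192.168.9.9 on dmzdata) is taken to be the LDAP server.

```cisco
! Added example. DMZ_IN and 192.168.1.10 are hypothetical placeholders;
! 192.168.9.9 is the mapped address from the
! "static (AHdata,dmzdata) 192.168.9.9 macserver" line, assumed here to be
! the LDAP server.

! Permit only what the proxy needs: LDAP (tcp/389) and ICMP echo for testing,
! from the single proxy host to the single mapped address.
access-list DMZ_IN extended permit tcp host 192.168.1.10 host 192.168.9.9 eq ldap
access-list DMZ_IN extended permit icmp host 192.168.1.10 host 192.168.9.9 echo

! Bind the ACL inbound on the DMZ interface. An interface takes only one
! inbound ACL, so if one is already applied to dmzdata, add the two entries
! to that ACL instead of binding a new one.
access-group DMZ_IN in interface dmzdata

! Check the result without generating real traffic, then watch hit counts.
packet-tracer input dmzdata tcp 192.168.1.10 1025 192.168.9.9 389
show access-list DMZ_IN
```

The packet-tracer output lists each phase (ACL, NAT, route) and names the one that drops the packet, which separates an ACL deny from a translation problem.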