ASA 5505 Nat Exemption

I have configured a Cisco ASA 5505 to sit between our network and a vendor network. We do not want NAT running between the two. The vendor controls the router attached to VLAN12 on the ASA.

I do not get ping replies from the vendors router. I suspect they don't have a route configured pointing to the ASA for my internal subnet but they insist the problem is on my end.

If the problem is on my end then the only thing I can think of is it's with the NAT exemption settings.
Below is the snippet of my NAT config.

The IP Address of their router is 192.168.6.2

As a test, I reconfigured the ASA to NAT internal traffic to the kcata interface and could ping the router then, just not with NAT exemption

Does it look correct for bi-directional comminication with NAT exemption?

Thanks,

Denny
 

 

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.40.117.132 255.255.255.128 
!
interface Vlan12
 description Port Connecting to KCATA
 nameif kcata
 security-level 10
 ip address 192.168.6.1 255.255.255.0 
!
access-list inside_access_in extended permit icmp 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0 
access-list kcata_access_in extended permit icmp 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128 
 
access-list inside_nat0_outbound extended permit ip 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0 
access-list kcata_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128 
 
nat (inside) 0 access-list inside_nat0_outbound
nat (kcata) 0 access-list kcata_nat0_outbound outside
 
access-group inside_access_in in interface inside
access-group kcata_access_in in interface kcata

Select allOpen in new window