I have configured a Cisco ASA 5505 to sit between our network and a vendor network. We do not want NAT running between the two. The vendor controls the router attached to VLAN12 on the ASA.
I do not get ping replies from the vendor's router. I suspect they don't have a route configured pointing to the ASA for my internal subnet, but they insist the problem is on my end.
If the problem is on my end then the only thing I can think of is it's with the NAT exemption settings.
Below is the snippet of my NAT config.
The IP address of their router is 192.168.6.2.
As a test, I reconfigured the ASA to NAT internal traffic to the kcata interface and could ping the router then, just not with NAT exemption.
Does it look correct for bi-directional communication with NAT exemption?
ip address 10.40.117.132 255.255.255.128
description Port Connecting to KCATA
ip address 192.168.6.1 255.255.255.0
access-list inside_access_in extended permit icmp 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0
access-list kcata_access_in extended permit icmp 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0
access-list kcata_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128
nat (inside) 0 access-list inside_nat0_outbound
nat (kcata) 0 access-list kcata_nat0_outbound outside
access-group inside_access_in in interface inside
access-group kcata_access_in in interface kcata
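
An added example, not part of the original post: a small Python model that parses the access-list, nat 0 and access-group lines from the snippet above and reports whether a flow matches the interface ACL and the NAT exemption ACL on its ingress interface. It only checks protocol and address matching for the `network mask` entry form used here; the host 10.40.117.130 is a constructed test address, and ASA routing, security levels and NAT ordering are not modelled.

```python
import ipaddress
import re

# Config lines copied from the post above.
CONFIG = """\
access-list inside_access_in extended permit icmp 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0
access-list kcata_access_in extended permit icmp 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.40.117.128 255.255.255.128 192.168.6.0 255.255.255.0
access-list kcata_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 10.40.117.128 255.255.255.128
nat (inside) 0 access-list inside_nat0_outbound
nat (kcata) 0 access-list kcata_nat0_outbound outside
access-group inside_access_in in interface inside
access-group kcata_access_in in interface kcata
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit (\S+) (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def parse(config):
    """Return (acl name -> entries, interface -> nat 0 ACL, interface -> inbound ACL)."""
    acls, nat0, groups = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, proto, src, smask, dst, dmask = m.groups()
            entry = (proto, ipaddress.ip_network(f"{src}/{smask}"),
                     ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, []).append(entry)
        elif m := NAT0_RE.match(line):
            nat0[m.group(1)] = m.group(2)
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)
    return acls, nat0, groups

def acl_matches(entries, proto, src, dst):
    """True if any permit entry covers this protocol, source and destination."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(p in (proto, "ip") and src in s and dst in d for p, s, d in entries)

def check_flow(config, ingress, proto, src, dst):
    """Check one packet against the ingress interface's inbound ACL and nat 0 ACL."""
    acls, nat0, groups = parse(config)
    return {
        "permitted": acl_matches(acls.get(groups.get(ingress), []), proto, src, dst),
        "nat_exempt": acl_matches(acls.get(nat0.get(ingress), []), proto, src, dst),
    }

if __name__ == "__main__":
    # 10.40.117.130 is a constructed inside host; 192.168.6.2 is the router from the post.
    print(check_flow(CONFIG, "inside", "icmp", "10.40.117.130", "192.168.6.2"))
    print(check_flow(CONFIG, "kcata", "icmp", "192.168.6.2", "10.40.117.130"))
```

A source outside 10.40.117.128 through 10.40.117.255 (the range covered by the 255.255.255.128 mask) matches neither ACL in this model, so the test ping should come from a host inside that range.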