Solved

ASA 5510

Posted on 2011-02-13
3
339 Views
Last Modified: 2012-05-11
Hi Guys:
We have this ASA config below and we are trying to allow traffic between the DMZ 172.16.1.15 to a Web server on the other side of the Site-to-Site VPN 192.168.111.141, like you notice the other side is not trusted and there a lot of static mapping and when I tried to create static mapping it says that will overlap with some other NAT and in the log whenever I’m trying to access the Web Server 192.168.111.141 from 172.16.1.15 it will send to the outside public IP15!! config attached
Any help is really appreciated!
Thank you
Mo


ASA-Config.txt
0
Comment
Question by:modathir
3 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 34890938
Maybe I'm just missing it, but I don't see where you are denying NAT for the traffic going to the other side of the tunnel.   In 8.2 code that's accomplished with a "zero" instance of nat ["nat (inside) 0 access-list no-nat"] which I'm not seeing in the config.  This would explain why the ASA is NATing that traffic.
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34891443
You may need to add a:
access-list outside_map_1 extended permit ip 192.168.111.0 255.255.255.0 172.16.1.0 255.255.255.0
to allow return traffic to your dmz, presently it looks like you are only allowing traffic to 192.168.167.0/24

To get it going the other way create
access-list intf2_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 192.168.111.0
nat (intf2) 0 access-list intf2_nat0_outbound

0
 
LVL 5

Author Closing Comment

by:modathir
ID: 34958260
Part of the solution
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OSPF metric and destination 2 37
Open a port on Cisco Router 1941 23 35
Port Forwarding on Cisco 881 14 42
access vs trunk with voice vlan 2 20
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now