Link to home
Start Free TrialLog in
Avatar of modathir
modathirFlag for Canada

asked on

ASA 5510

Hi Guys:
We have this ASA config below and we are trying to allow traffic between the DMZ 172.16.1.15 to a Web server on the other side of the Site-to-Site VPN 192.168.111.141, like you notice the other side is not trusted and there a lot of static mapping and when I tried to create static mapping it says that will overlap with some other NAT and in the log whenever I’m trying to access the Web Server 192.168.111.141 from 172.16.1.15 it will send to the outside public IP15!! config attached
Any help is really appreciated!
Thank you
Mo


ASA-Config.txt
Avatar of John Meggers
John Meggers
Flag of United States of America image

Maybe I'm just missing it, but I don't see where you are denying NAT for the traffic going to the other side of the tunnel.   In 8.2 code that's accomplished with a "zero" instance of nat ["nat (inside) 0 access-list no-nat"] which I'm not seeing in the config.  This would explain why the ASA is NATing that traffic.
ASKER CERTIFIED SOLUTION
Avatar of bgoering
bgoering
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of modathir

ASKER

Part of the solution