CyberSec
asked on
NAT problem on 2 ASA's
Ok this config was working for a while and then just stopped and I'm at a loss with this one. I have two ASA 5505's connected together. ASA1 is directly connected the internet via DHCP and has an Outside, Inside, and DMZ vlan. ASA2 is connected to ASA1 and only has an Inside and Outside vlan. ASA2's Outside is connected to ASA1's DMZ and from there I'm trying to NAT to the Outside vlan. From ASA2, I can ping the Inside interface but not the Outside of ASA2 or the DMZ of ASA1. I used to be able to ping the DMZ of ASA1 from an Inside host on ASA2 but this is no longer the case. On ASA1 from the ASDM I can see that ICMP packets are reaching ASA1 on the DMZ, but I cannot connect to the Internet. Essentially what I'm trying to do here is connect ASA2 to ASA1 as if ASA1 was the ISP. ASA2 is then hosting VM's so that I can test my configurations. I have attached a diagram and my two configs to try to make this clear as possible. Any help is appreciated ;-)
Network-Diagram.pdf
-ASA1-Config.txt
-ASA2-Config.txt
Network-Diagram.pdf
-ASA1-Config.txt
-ASA2-Config.txt
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER