1 Reply Latest reply: Feb 1, 2012 9:19 AM by CiscoLoco - CCIE# 50844 RSS

    2 Questions

    Rama Krishnan

      Hi All,

      Question 1:

      Till yesterday my GNS Lab working fine, from today onwards i could not able to reach my inside host from Firewall.(please attach diagram and config)

      I havent any clue to troubleshoot and fix this issue..My LAB totally struck up due to this..please help me out on this..

      (a) Able to ping from ASA to R1 f0/0 interface, but could not reach MYHOST(

      (b) Able to ping from MYHOST to ASA INSIDE interface

      (c) Exact ARP learned on both R1 and ASA

      (d)MYHOST "route print" attached below.


      interface FastEthernet0/0

      ip address

      duplex auto

      speed auto


      interface FastEthernet1/0

      ip address

      duplex auto

      speed auto


      ASA Version 8.0(2)

      interface Ethernet0/0

      nameif OUTSIDE

      security-level 0

      ip address


      interface Ethernet0/1

      nameif INSIDE

      security-level 100

      ip address

      route INSIDE 1


      route print:   45(High Metric)

      Question 2:

      I want to do a inbound and outboud NAT/PAT with the single Public IP address:

      I scenario like:

           Server <----------------- NATed(only comes on 80) <------- Internet

         (Private 192.x.x.x)                                  (Public IP: such like policy NAT

      same time:

          My Local Network -------- > NATed(acessing Internet) ----------> Internet

                                                                     (Public IP:

      Can any one suggest me IS it feasible to inbound/outbound NAT?

      Thank in Advance...





        • 1. Re: 2 Questions
          CiscoLoco - CCIE# 50844

          Can you do a continous ping from your ASA to the host and check the logs on the asa "sh logging".  Your second questions is certainly possible and I have done it before.  The configuration needed on the ASA isn't very intuitive for that scenario.  Below I have the configuration that should work for you.


          nat (Inside) 1

          global (Outside) 1 interface


          static (Inside,Outside) tcp interface www www