Skip navigation
Cisco Learning Home > CCSP Study Group > Discussions
1396 Views 1 Reply Latest reply: Feb 1, 2012 9:19 AM by CiscoLoco - CCNP RSS

Currently Being Moderated

2 Questions

Feb 1, 2012 8:23 AM

Hi All,


Question 1:


Till yesterday my GNS Lab working fine, from today onwards i could not able to reach my inside host from Firewall.(please attach diagram and config)

I havent any clue to troubleshoot and fix this issue..My LAB totally struck up due to this..please help me out on this..


(a) Able to ping from ASA to R1 f0/0 interface, but could not reach MYHOST(192.168.1.10)

(b) Able to ping from MYHOST to ASA INSIDE interface

(c) Exact ARP learned on both R1 and ASA

(d)MYHOST "route print" attached below.


R1:

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 10.10.10.10 255.255.255.0

duplex auto

speed auto


ASA:


ASA Version 8.0(2)


interface Ethernet0/0

nameif OUTSIDE

security-level 0

ip address 1.1.1.1 255.255.255.0

!

interface Ethernet0/1

nameif INSIDE

security-level 100

ip address 10.10.10.1 255.255.255.0

route INSIDE 0.0.0.0 0.0.0.0 10.10.10.10 1


MyHOST:

route print:  0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10   45(High Metric)



Question 2:


I want to do a inbound and outboud NAT/PAT with the single Public IP address:

I scenario like:



     Server <----------------- NATed(only comes on 80) <------- Internet

   (Private 192.x.x.x)                                  (Public IP: 200.200.200.200) such like policy NAT


same time:


    My Local Network -------- > NATed(acessing Internet) ----------> Internet

                                                               (Public IP:200.200.200.200)


Can any one suggest me IS it feasible to inbound/outbound NAT?


Thank in Advance...



Regards

Krishna

 





 



Attachments:
  • CiscoLoco - CCNP 956 posts since
    Feb 11, 2009
    Currently Being Moderated
    1. Feb 1, 2012 9:19 AM (in response to Krishna)
    Re: 2 Questions

    Can you do a continous ping from your ASA to the host and check the logs on the asa "sh logging".  Your second questions is certainly possible and I have done it before.  The configuration needed on the ASA isn't very intuitive for that scenario.  Below I have the configuration that should work for you.

     

    nat (Inside) 1 192.168.1.0 255.255.255.0

    global (Outside) 1 interface

     

    static (Inside,Outside) tcp interface www 192.168.10.10 www

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)