1 Reply. Latest reply: Mar 3, 2012 8:19 PM by Kingsley - CCSP/CCIP/CCNP/CCIE Security

    ICMP type and Policy-NAT

    Dr. RDX

      The task requires configuring policy NAT for ping requests from PCA to ServerB, with an ASA in between.

       

      PCA = 1.1.1.1

      ServerB = 2.2.2.2

       

      My solution:

      access-list natentry extended permit icmp host 1.1.1.1 host 2.2.2.2 echo

       

      nat (inside) 1 access-list natentry

      global (outside) 1 2.2.2.10

       

      End Result = Doesn't work

       

       

      Another Solution:

      access-list natentry extended permit icmp host 1.1.1.1 host 2.2.2.2

       

      nat (inside) 1 access-list natentry

      global (outside) 1 2.2.2.10

       

      End Result = Works

       

      Why is it not working when I have narrowed the ACL down to echo? I want NAT to be done once PCA issues an echo request, and not for the entire set of ICMP types.