|
Posted by on March 13, 2007, 9:05 am
If you were Registered and logged in, you could reply and use other advanced thread options
> I followed Cisco's instructions to the T, yet can't get simple Dynamic
> PAT working on my new ASA 5510, here's the relevant sections of
> config:
>
> interface Ethernet0/0
> nameif inside
> security-level 100
> ip address 192.168.1.222 255.255.255.0
> interface Ethernet0/1
> nameif outside
> security-level 0
> ip address A.B.C.D 255.255.255.128
> global (outside) 2 interface
> nat (inside) 2 access-list FlowA
> access-list FlowA extended permit ip 192.168.200.0 255.255.255.192 any
> route outside 0.0.0.0 0.0.0.0 A.B.C.E 1
> route inside 192.168.1.0 255.255.255.0 192.168.1.14 1
>
> All internal traffic from 200.x to 1.x works great, but when 200.x
> tries to get to the internet it gets timeouts
>
> Show xlate shows 0 translations happening, where have I gone wrong?
> 200.x are addresses given out by inbound VPN connections from
> roadwarrier clients
I am assuming that you have a router/layer 3 switch on the inside
network routing between the 192.168.200.x network and the 192.168.1.x
network? If there are no NAT translations appearing on the ASA it
looks as if the traffic isn't hitting the ASA so do you have a default
route configured on your internal router pointing at the ASA?
Also you have no route inside statement on the ASA for the
192.168.200.0 255.255.255.192 network so traffic originating from this
network will not be able to route back.
The existing route inside statement a mistake? It is not required as
the 192.168.1.0 255.255.255.0 network is your directly connected
inside network so you don't need a route for that!
Other than that, the PAT config looks OK.
Cheers,
Mark
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map