ASA 5510 Question
flipmad
Member Posts: 184
IOS 831-k8
I am building a lab with a 5510 simulating my computer as the cloud and I have a 1751 plugged into the LAN interface of the ASA. I want to be able to create a NAT to connect to the router via a public IP.
For some reason it doesn't seem to work.
Here is what I have:
interface Ethernet0/0
description LAN
speed 100
duplex full
nameif inside
security-level 100
ip address 10.255.255.1 255.255.255.0
!
interface Ethernet0/1
description SIM_WAN
nameif outside
security-level 0
ip address 12.127.153.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ROUTER
host 12.127.153.3
object network ROUTER-NAT
host 10.255.255.2
access-list 101 extended permit icmp any any
access-list 103 extended permit icmp any any
access-list 103 extended permit ip object ROUTER-NAT any
access-list 103 extended permit ip any host 12.127.153.3
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static ROUTER ROUTER-NAT
!
object network obj_any
nat (inside,outside) dynamic interface
access-group 103 in interface outside
route outside 0.0.0.0 0.0.0.0 12.127.153.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.255.255.0 255.255.255.0 inside
http 12.127.153.0 255.255.255.0 outside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.255.255.0 255.255.255.0 inside
ssh 12.127.153.0 255.255.255.0 outside
Router is set to 10.255.255.2
I can ping between ASA and the router
I apologize beforehand if this is a simple request. I am newer to the ASA and the object groupings are new to me.
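An added example, not part of the original post: a small Python check run over the NAT-relevant lines of the configuration above. It assumes the ASA 8.3+ form `nat (real_ifc,mapped_ifc) source static real_obj mapped_obj` and flags a static rule whose real object is not on the real interface's subnet while the mapped object is; `parse` and `check_static_nat` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the configuration posted above.
CONFIG = """\
interface Ethernet0/0
 nameif inside
 ip address 10.255.255.1 255.255.255.0
interface Ethernet0/1
 nameif outside
 ip address 12.127.153.1 255.255.255.0
object network ROUTER
 host 12.127.153.3
object network ROUTER-NAT
 host 10.255.255.2
nat (inside,outside) source static ROUTER ROUTER-NAT
"""
NAT_RE = re.compile(r"nat \((\w+),(\w+)\) source static (\S+) (\S+)")

def parse(config):
    """Return interface subnets by nameif, host objects by name, static NAT rules."""
    subnets, hosts, rules, nameif, obj = {}, {}, [], None, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["nameif"]:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif:
            subnets[nameif] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            nameif = None
        elif words[:2] == ["object", "network"]:
            obj = words[2]
        elif words[:1] == ["host"] and obj:
            hosts[obj] = ipaddress.ip_address(words[1])
        elif NAT_RE.match(line.strip()):
            rules.append(NAT_RE.match(line.strip()).groups())
    return subnets, hosts, rules

def check_static_nat(config):
    """Flag static rules whose real object is off the real interface's subnet."""
    subnets, hosts, rules = parse(config)
    findings = []
    for real_if, mapped_if, real_obj, mapped_obj in rules:
        real, mapped = hosts.get(real_obj), hosts.get(mapped_obj)
        if real is None or mapped is None or real_if not in subnets:
            continue  # only host objects on addressed interfaces are checked
        if real not in subnets[real_if] and mapped in subnets[real_if]:
            findings.append(f"{real_obj} ({real}) is not on {real_if}, but "
                            f"{mapped_obj} ({mapped}) is: real and mapped look swapped")
    return findings
```

Calling `check_static_nat(CONFIG)` returns one finding for the posted rule, and none when the two object names in the `nat` line are exchanged.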
Comments
johnwest43
Member Posts: 294
Check your post on the CCNA Security forum.
CCNP: ROUTE [x], SWITCH [x], TSHOOT [X] Completed on 2/18/2014