ASA 5510 Question
flipmad
IOS 831-k8
I am building a lab with a 5510, simulating my computer as the cloud, and I have a 1751 plugged into the LAN interface of the ASA. I want to be able to create a NAT to connect to the router via a public IP.
For some reason it doesn't seem to work.
Here is what I have:
interface Ethernet0/0
 description LAN
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.255.255.1 255.255.255.0
!
interface Ethernet0/1
 description SIM_WAN
 nameif outside
 security-level 0
 ip address 12.127.153.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network ROUTER
 host 12.127.153.3
object network ROUTER-NAT
 host 10.255.255.2
access-list 101 extended permit icmp any any
access-list 103 extended permit icmp any any
access-list 103 extended permit ip object ROUTER-NAT any
access-list 103 extended permit ip any host 12.127.153.3
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static ROUTER ROUTER-NAT
!
object network obj_any
 nat (inside,outside) dynamic interface
access-group 103 in interface outside
route outside 0.0.0.0 0.0.0.0 12.127.153.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.255.255.0 255.255.255.0 inside
http 12.127.153.0 255.255.255.0 outside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.255.255.0 255.255.255.0 inside
ssh 12.127.153.0 255.255.255.0 outside
Router is set to 10.255.255.2.
I can ping between the ASA and the router.
I apologize beforehand if this is a simple request. I am newer to the ASA and the object groupings are new to me.
Comments
flipmad
Typo. I meant 5510.
It won't allow me to edit the thread title.
johnwest43
Check your post on the CCNA Security forum.