Re: Internet with IPSec;

From: Manouchehr Omari <manouchehr1979_at_gmail.com>
Date: Fri, 21 Jan 2011 01:05:38 -0500

Hello Piotr,

I did the same configuration and also removed the translation between inside
and outside. I'm still unable to go through.

Thanks,
Manny

On Thu, Jan 20, 2011 at 3:45 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:

> Hi,
>
> I'm not sure why you use NAT between Inside and Outside interfaces as
> there is only Branch behind the outside. Am I correct?
> In order to have internet access for your branch users you should:
> 1. have default gateway on the ASA pointed to the Internet and have static
> routing pointed to the Outside for branch network
> 2. configure NAT so that branch users will be translated when going to the
> internet
> nat (outside) 2 172.16.1.0 255.255.255.0
> global (INTERNET) 2 interface
> 3. allow to send the traffic between interfaces with the same security
> level
> same-security-traffic permit inter-interface
>
> If there is no need for translation between Inside and Outside you may
> delete it.
>
>
> Regards,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security), CCSI #33705
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
>
> 2011/1/20 Manouchehr Omari <manouchehr1979_at_gmail.com>
>
>>
>>
>> Hello Piotr,
>>
>> Here is the output,
>>
>>
>> sh nameif
>>
>> Interface     Name       Security
>> Ethernet0/0   outside    0
>> Ethernet0/1   inside     100
>> Ethernet0/2   INTERNET   0
>>
>>
>> Kind Regards,
>>
>>
>>
>> On Thu, Jan 20, 2011 at 12:57 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:
>>
>>> Hi,
>>>
>>> What are the interface names and security levels on the ASA? Can you send
>>> output of the command show nameif
>>>
>>> Regards,
>>> --
>>> Piotr Matusiak
>>> CCIE #19860 (R&S, Security), CCSI #33705
>>> Technical Instructor
>>> website: www.MicronicsTraining.com
>>> blog: www.ccie1.com
>>>
>>> If you can't explain it simply, you don't understand it well enough -
>>> Albert Einstein
>>>
>>>
>>> 2011/1/20 Manouchehr Omari <manouchehr1979_at_gmail.com>
>>>
>>>> Dear All,
>>>>
>>>> I will highly appreciate any help in this regard. One of our branches,
>>>> connected through an E1 circuit with an IPSec tunnel, is unable to use
>>>> the Internet from HQ. Below is the topology:
>>>>
>>>>
>>>>
>>>> HQ - ASA 5510-------------E1------------------ Router - Branch ---- LAN
>>>>
>>>>
>>>> ASA has interfaces,
>>>>
>>>> E0/0 = E1 connecting branch..
>>>> E0/1 = HQ LAN
>>>> E0/2 = Internet
>>>>
>>>> Below is the NAT and the ACL for interesting traffic config on ASA
>>>>
>>>> global (outside) 1 interface
>>>> nat (inside) 1 0.0.0.0 0.0.0.0
>>>> nat (inside) 0 access-list 101
>>>>
>>>> access-list 101 permit ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0
>>>>
>>>> Everything is working fine except that users in the branch are unable to
>>>> access the Internet through HQ. I don't think the NAT configuration on
>>>> the ASA is correct for the branch users to be able to access the
>>>> Internet, and also I'm not doing any NAT on the branch router. Anyone
>>>> with any help please...
>>>>
>>>> Kind Regards,
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html

Received on Fri Jan 21 2011 - 01:05:38 ART
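
An offline check of the conditions listed in the quoted reply (a nat/global pair sharing a NAT ID, the same-security permit, and the two routes), run against the configuration from the first post and against the same configuration with the suggested lines added. This is an added example, not written by anyone in the thread; the function names and the next-hop addresses are assumptions, and it only understands the `nat`/`global` syntax shown in the thread.

```python
import re

# 'show nameif' rows as posted in the thread.
SHOW_NAMEIF = """Interface Name Security
Ethernet0/0 outside 0
Ethernet0/1 inside 100
Ethernet0/2 INTERNET 0"""

# NAT lines from the first post, then the same config with the suggested
# additions. Next-hop addresses are constructed (documentation ranges).
POSTED_CFG = """global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list 101"""
FIXED_CFG = POSTED_CFG + """
nat (outside) 2 172.16.1.0 255.255.255.0
global (INTERNET) 2 interface
same-security-traffic permit inter-interface
route INTERNET 0.0.0.0 0.0.0.0 192.0.2.1
route outside 172.16.1.0 255.255.255.0 198.51.100.1"""

def parse_nameif(text):
    """Map interface name -> security level from 'show nameif' rows."""
    rows = re.findall(r"^\s*\S+\s+(\S+)\s+(\d+)\s*$", text, re.M)
    return {name: int(level) for name, level in rows}

def check_path(cfg, levels, src_if, dst_if, src_net):
    """List what is missing for src_net entering src_if to exit dst_if translated."""
    def has(pattern):
        return re.search(pattern, cfg, re.M) is not None
    src, dst = re.escape(src_if), re.escape(dst_if)
    nat_ids = set(re.findall(rf"^nat \({src}\) (\d+) ", cfg, re.M)) - {"0"}  # 0 = exemption
    global_ids = set(re.findall(rf"^global \({dst}\) (\d+) ", cfg, re.M))
    missing = []
    if not nat_ids & global_ids:
        missing.append(f"nat ({src_if}) / global ({dst_if}) pair sharing a NAT ID")
    if levels[src_if] == levels[dst_if] and not has(
            r"^same-security-traffic permit inter-interface\s*$"):
        missing.append("same-security-traffic permit inter-interface")
    if not has(rf"^route {dst} 0\.0\.0\.0 0\.0\.0\.0 \S+"):
        missing.append(f"default route via {dst_if}")
    if not has(rf"^route {src} {re.escape(src_net)} \S+"):
        missing.append(f"route to {src_net} via {src_if}")
    return missing

if __name__ == "__main__":
    levels = parse_nameif(SHOW_NAMEIF)
    for label, cfg in (("posted", POSTED_CFG), ("with additions", FIXED_CFG)):
        print(label, check_path(cfg, levels, "outside", "INTERNET",
                                "172.16.1.0 255.255.255.0"))
```

An empty list means only that these four items are present; it says nothing about the crypto map or ACLs on either end of the tunnel.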

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART