Re: Bidirectional NAT from ccienovice_at_gmail.com on 2011-11-22 (Ccielab archives 11/2011)

From: <ccienovice_at_gmail.com>
Date: Wed, 23 Nov 2011 01:22:54 +0000

Hi,

I have done ping test from outside to global ip and from local ip to any of the global ip.
ICMP is allowed for testing on firewall.

If only static nat is present and the nat outside and global is removed then, everything works fine.

Cheers,
Nick
Sent on my BlackBerry. from Vodafone

-----Original Message-----
From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Tue, 22 Nov 2011 20:14:34
To: <ccienovice_at_gmail.com>
Cc: <ccielab_at_groupstudy.com>
Subject: Re: Bidirectional NAT

Please post all relevant config, including what is the test that you did
to assert that it works in one direction but not in the other.
-Carlos

ccienovice_at_gmail.com @ 22/11/2011 20:05 -0300 dixit:
> Carlos,
>
> There is only one IP configured at server end.
> ------Original Message------
> From: Carlos G Mendioroz
> To: NiKhil
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Bidirectional NAT
> Sent: Nov 23, 2011 04:32
>
> It might be that the server private address is not the primary address
> on it ? So it answers/gives service but does not use that address to
> originate ?
>
> -Carlos
>
> NiKhil @ 22/11/2011 14:20 -0300 dixit:
>> Hi,
>>
>> I have configured bidirectional NAT on ASA. The configuration is as follows:-
>>
>> ======================
>> nat (outside) 4 access-list OUT-TO-SVR outside
>> !
>> global (inside) 4 172.30.30.1
>> !
>> access-list OUT-TO-SVR extended permit ip any host 192.168.10.1
>> !
>> static (inside,outside) 192.168.10.1 172.30.10.1 netmask 255.255.255.255
>> ========================
>>
>> I am facing problem where the local ip is not getting translated to global but
>> from internet the server is reachable. To be precise, server can't access
>> internet but from internet the server is reachable.
>>
>> Please find the logs as follows:-
>>
>> %ASA-3-305005: No translation group found for icmp src INSIDE:172.30.10.1 dst
>> OUTSIDE:74.125.236.144 (type 8, code 0)
>>
>> Thanks in advance
>>
>> Regards,
>> Nick
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net

Received on Wed Nov 23 2011 - 01:22:54 ART

This archive was generated by hypermail 2.2.0 : Thu Dec 01 2011 - 06:29:31 ART