Create the network topology below in GNS3. If anyone needs assistance creating the lab, we're happy to share the lab sim.
The ASA firewall can ping the web server. User1 can ping the ASA firewall's inside interface.
Now user1 wants to reach the web server. When user1 pings the web server’s IP address, the ping fails.
User1 cannot ping the web server because user1 is in a private IP address range and the web server belongs to a public IP range, so we need to do NAT. Here we are going to use static NAT because the web server has to have one specific IP address.
209.165.20.96/29 is the ISP's network. We use 209.165.20.99 for the web server. Let’s see how to configure those settings to satisfy the requirement.
STEP1: Check the NAT rules
No NAT rule has been configured yet. Let’s configure one here. Click Add > Add ‘Network Object’ NAT rule.
STEP2: Create a NAT rule
# object network Inside_network
# subnet 10.10.10.0 255.255.255.0
# nat static 209.165.20.99
STEP3: Let’s test the NAT rule.
Go to user1 and ping the web server IP address.
The ping fails, but when we check on the ASA with # show nat, the rule shows a hit count.
STEP4: Check ICMP
From show xlate we can see that NAT is working. The problem is that ICMP is being dropped: ICMP inspection is not enabled by default, so the ASA does not let the echo replies back through. We have to check the service policy rule in the firewall.
STEP5: Troubleshooting ICMP
# policy-map global_policy
# class inspection_default
# inspect icmp
STEP6: Ping test to Web Server
Now we are able to ping the web server from user1.
Let’s see what is happening at the ASA.
NAT is taking place and the ping to the web server succeeds as well.
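The two conditions this lab depends on (a static NAT mapped address that is a usable host in the ISP range, and `inspect icmp` under the default inspection class) can be checked directly against a saved running-config. The following is an added example, not part of the original tutorial; the function names and the config excerpt are constructed for illustration.

```python
import ipaddress

# Constructed running-config excerpt: this page's commands plus two ASA default inspect lines.
BEFORE = """\
object network Inside_network
 subnet 10.10.10.0 255.255.255.0
 nat static 209.165.20.99
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
"""
AFTER = BEFORE + "  inspect icmp\n"  # state after STEP5

def parse_blocks(config):
    """Map each top-level command to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config, isp_network):
    """Hypothetical helper: list what would break the ping test in this lab."""
    findings, blocks = [], parse_blocks(config)
    usable = set(ipaddress.ip_network(isp_network).hosts())
    for header, body in blocks.items():
        if not header.startswith("object network "):
            continue
        for parts in map(str.split, body):
            if parts[0] != "nat" or "static" not in parts[:-1]:
                continue
            mapped = parts[parts.index("static") + 1]
            try:
                if ipaddress.ip_address(mapped) not in usable:
                    findings.append(f"{mapped} is not a usable host in {isp_network}")
            except ValueError:
                pass  # mapped side is an object name or 'interface'; not checked here
    in_default = icmp = False
    for cmd in blocks.get("policy-map global_policy", []):
        if cmd.startswith("class "):
            in_default = cmd == "class inspection_default"
        elif in_default and cmd == "inspect icmp":
            icmp = True
    if not icmp:
        findings.append("inspect icmp missing from class inspection_default")
    return findings
```

Calling `audit(BEFORE, "209.165.20.96/29")` reports the missing ICMP inspection that STEP5 fixes, and `audit(AFTER, "209.165.20.96/29")` returns an empty list.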
This tutorial is awesome. Every step is clearly mentioned. What is the ASDM version?