ASA5510 unable to talk between ethernet 0/1 and 0/2
 

All,

I have setup ASA5510 and 0/1 and 0/2 were unable talking to each
other.
Here is the configuration:
ethernet 0/0 outside security level 0
ethernet 0/1 inside security level 100
ethernet 0/2 private security level 100

same-security-traffic permit inter-interface
access-list nonat extended permit ip 192.168.2.0 255.255.255.0
192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0
192.168.3.0 255.255.255.0
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (private) 0 access-list nonat
nat (private) 1 0.0.0.0 0.0.0.0

The servers on both side were able to access internet..
When I try to ping and the following error log from the firewall log:
portmap translation creation failed for icmp src Inside:
192.168.2.151dst private:192.168.3.101(type 8, code 0)

Any help is appreciated.

Re: ASA5510 unable to talk between ethernet 0/1 and 0/2
 

* mark256789 wrote:
> When I try to ping and the following error log from the firewall log:
> portmap translation creation failed for icmp src Inside:
> 192.168.2.151dst private:192.168.3.101(type 8, code 0)

The ASA has no state about such a connection. So you are required to guide
the initial way though the system:
static (inside,private) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (private,inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

Have fun.

Maybe you meant such an access list:

access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0