ASA5510 unable to talk between ethernet 0/1 and 0/2

Discussion in 'Cisco' started by mark256789, Jan 21, 2010.

  1. mark256789

    mark256789 Guest

    All,

    I have set up an ASA5510, and 0/1 and 0/2 are unable to talk to each
    other.
    Here is the configuration:
    ethernet 0/0 outside security level 0
    ethernet 0/1 inside security level 100
    ethernet 0/2 private security level 100

    same-security-traffic permit inter-interface
    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (Inside) 0 access-list nonat
    nat (Inside) 1 0.0.0.0 0.0.0.0
    nat (private) 0 access-list nonat
    nat (private) 1 0.0.0.0 0.0.0.0

    The servers on both sides were able to access the internet.
    When I try to ping, I get the following error in the firewall log:
    portmap translation creation failed for icmp src Inside:192.168.2.151 dst private:192.168.3.101(type 8, code 0)

    Any help is appreciated.
    mark256789, Jan 21, 2010
    #1

  2. * mark256789 wrote:
    > When I try to ping, I get the following error in the firewall log:
    > portmap translation creation failed for icmp src Inside:192.168.2.151 dst private:192.168.3.101(type 8, code 0)


    The ASA has no state about such a connection. So you are required to guide
    the initial way through the system:
    static (inside,private) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    static (private,inside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

    Have fun.
    Lutz Donnerhacke, Jan 21, 2010
    #2

  3. zupa

    Maybe you meant such an access list:

    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
    zupa, Jan 23, 2010
    #3
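
Added example (not part of any post in the thread): a Python check of whether each interface's `nat 0` access list actually matches traffic from its own subnet to the other interface's subnet, run on the original configuration and on the access list suggested in post #3. The interface subnets are inferred from the addresses in the log line, the function names are hypothetical, and only `extended permit ip <net> <mask> <net> <mask>` entries are parsed.

```python
import ipaddress
import re

# Constructed input: the thread's configs with the wrapped ACL lines joined.
NAT_RULES = """\
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (private) 0 access-list nonat
nat (private) 1 0.0.0.0 0.0.0.0
"""
ORIGINAL = """\
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.3.0 255.255.255.0
""" + NAT_RULES
SUGGESTED = """\
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
""" + NAT_RULES
# Assumption: interface subnets inferred from the addresses in the log line.
SUBNETS = {"inside": "192.168.2.0/24", "private": "192.168.3.0/24"}
ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")

def parse(config):
    """Return ({acl_name: [(src_net, dst_net)]}, {interface: acl_name})."""
    acls, nat0 = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((ipaddress.ip_network(f"{src}/{smask}"),
                                              ipaddress.ip_network(f"{dst}/{dmask}")))
        elif m := NAT0.match(line):
            nat0[m.group(1).lower()] = m.group(2)  # interface names are case-insensitive
    return acls, nat0

def missing_exemptions(config, subnets):
    """(src_ifc, dst_ifc) pairs whose traffic no entry of the nat 0 ACL matches."""
    acls, nat0 = parse(config)
    nets = {ifc: ipaddress.ip_network(n) for ifc, n in subnets.items()}
    gaps = []
    for src_ifc, src in nets.items():
        aces = acls.get(nat0.get(src_ifc), [])
        for dst_ifc, dst in nets.items():
            covered = any(src.subnet_of(s) and dst.subnet_of(d) for s, d in aces)
            if dst_ifc != src_ifc and not covered:
                gaps.append((src_ifc, dst_ifc))
    return gaps

if __name__ == "__main__":
    print(missing_exemptions(ORIGINAL, SUBNETS), missing_exemptions(SUGGESTED, SUBNETS))
```

The original access list only matches traffic within each subnet, so both directions between the two interfaces are reported as not exempt; the suggested access list leaves no gaps.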