ASA5510 unable to talk between ethernet 0/1 and 0/2

Discussion in 'Cisco' started by mark256789, Jan 21, 2010.

  1. mark256789

    mark256789 Guest

    All,

    I have set up an ASA5510, and 0/1 and 0/2 were unable to talk to each
    other.
    Here is the configuration:
    ethernet 0/0 outside security level 0
    ethernet 0/1 inside security level 100
    ethernet 0/2 private security level 100

    same-security-traffic permit inter-interface
    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (Inside) 0 access-list nonat
    nat (Inside) 1 0.0.0.0 0.0.0.0
    nat (private) 0 access-list nonat
    nat (private) 1 0.0.0.0 0.0.0.0

    The servers on both sides were able to access the internet.
    When I try to ping, I get the following error in the firewall log:
    portmap translation creation failed for icmp src Inside:192.168.2.151 dst private:192.168.3.101 (type 8, code 0)

    Any help is appreciated.
     
    mark256789, Jan 21, 2010
    #1

  2. The ASA has no state about such a connection. So you are required to guide
    the initial way through the system:
    static (inside,private) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
    static (private,inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    Have fun.
     
    Lutz Donnerhacke, Jan 21, 2010
    #2

  3. mark256789

    zupa

    Maybe you meant such an access list:

    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
     
    zupa, Jan 23, 2010
    #3
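Added example, not part of the original thread: a small Python check that parses the `nonat` ACL as posted in the question and as corrected in reply #3, then tests whether the pinged flow from the log (192.168.2.151 to 192.168.3.101) matches a NAT-exemption entry. The helper names `parse_acl`, `is_exempt` and `self_referential` are hypothetical, and the parser assumes only the `permit ip <net> <mask> <net> <mask>` form used on this page.

```python
import ipaddress
import re

# ACL lines copied from the thread: the question's version, then reply #3's version.
POSTED = """\
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.3.0 255.255.255.0
"""
CORRECTED = """\
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
"""

# Simplification: only "permit ip <net> <mask> <net> <mask>" entries are handled
# (no "host", "any" or object-group keywords).
ACE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$"
)


def parse_acl(config, name):
    """Return (source_network, destination_network) pairs for the named ACL."""
    entries = []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            entries.append((src, dst))
    return entries


def is_exempt(entries, src_ip, dst_ip):
    """True if the flow src_ip -> dst_ip matches any entry of the exemption ACL."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in entries)


def self_referential(entries):
    """Entries whose source and destination overlap; these cannot match
    traffic going from one interface's subnet to the other's."""
    return [(s, d) for s, d in entries if s.overlaps(d)]


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        acl = parse_acl(cfg, "nonat")
        print(label, "exempt:", is_exempt(acl, "192.168.2.151", "192.168.3.101"),
              "self-referential entries:", len(self_referential(acl)))
```

With the posted ACL the ping flow matches no exemption entry, so it is not covered by the `nat 0` rules; with the corrected ACL both directions match.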