Friday, October 8, 2021

NAT in ASA (5505) Firewall is not working for VLANs configured in Layer3 Switch?

Topology: https://drive.google.com/file/d/1gTY1kLaCppo7mtcyjCWxyh7acNpODQh_/view?usp=sharing

Tool Used: Cisco Packet Tracer

Scenario:

  • NAT for hosts in any of the VLANs of the Layer3-Switch is not working.
  • Ping requests reach the outside server, but NAT is not working, so the ISP router can't route the request back to the ASA (because the destination IP is a private address).
  • NAT is working if I ping the outside server from the Layer3-Switch.

PKT FILE: https://drive.google.com/file/d/1qbVw9XsCtTbjeGmY5OpxK1552CULkq-C/view?usp=sharing

-------------

The configurations, if you don't want to download the file.

ASA Configuration:

interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Vlan1
 no nameif
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 shutdown
!
interface Vlan2
 nameif inside
 security-level 100
 ip address 172.16.0.2 255.255.0.0
!
interface Vlan3
 nameif outside
 security-level 0
 ip address 51.1.1.1 255.0.0.0
!
object network LAN
 subnet 172.16.0.0 255.255.255.0
object network VLAN10
 subnet 192.168.10.0 255.255.255.0
object network VLAN20
 subnet 192.168.20.0 255.255.255.0
object network VLAN30
 subnet 192.168.30.0 255.255.255.0
object network VLAN40
 subnet 192.168.40.0 255.255.255.0
object network VLAN50
 subnet 192.168.50.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 51.1.1.2 1
route inside 192.168.0.0 255.255.0.0 172.16.0.1 1
!
access-list local-to-internet extended permit tcp any any
access-list local-to-internet extended permit icmp any any
!
!
access-group local-to-internet in interface outside
object network LAN
 nat (inside,outside) dynamic interface
object network VLAN10
 nat (inside,outside) dynamic interface
object network VLAN20
 nat (inside,outside) dynamic interface
object network VLAN30
 nat (inside,outside) dynamic interface
object network VLAN40
 nat (inside,outside) dynamic interface
object network VLAN50
 nat (inside,outside) dynamic interface

Layer3-Switch Configuration:

ip routing
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/1
 no switchport
 ip address 172.16.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/6
 switchport access vlan 30
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/7
 switchport access vlan 40
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/8
 switchport access vlan 50
 switchport mode access
 switchport nonegotiate
!
interface Vlan1
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan10
 mac-address 0001.426c.9901
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan20
 mac-address 0001.426c.9902
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan30
 mac-address 0001.426c.9903
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan40
 mac-address 0001.426c.9904
 ip address 192.168.40.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
interface Vlan50
 mac-address 0001.426c.9905
 ip address 192.168.50.1 255.255.255.0
 ip helper-address 10.0.0.2
 ip helper-address 10.0.0.3
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.2
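A small sanity check for the two conditions that dynamic NAT on the ASA needs for a given inside host: an object network whose subnet covers the host's source address, and an inside route (or connected interface) for the reply. This is an added example, not part of the original post or of Cisco's tooling; it hard-codes the object, route and interface values from the ASA configuration above and uses constructed sample host addresses. It reports only what the configuration says on paper; whether the simulator actually translates the traffic is a separate question.

```python
import ipaddress

# Object networks that carry "nat (inside,outside) dynamic interface",
# copied from the ASA configuration above (name -> "address mask").
NAT_OBJECTS = {
    "LAN":    "172.16.0.0 255.255.255.0",
    "VLAN10": "192.168.10.0 255.255.255.0",
    "VLAN20": "192.168.20.0 255.255.255.0",
    "VLAN30": "192.168.30.0 255.255.255.0",
    "VLAN40": "192.168.40.0 255.255.255.0",
    "VLAN50": "192.168.50.0 255.255.255.0",
}

# "route inside" statements from the ASA configuration: prefix -> next hop.
INSIDE_ROUTES = {
    "192.168.0.0 255.255.0.0": "172.16.0.1",
}

# The ASA's own inside interface (interface Vlan2); hosts in this subnet
# are directly connected and need no static route.
INSIDE_IF = "172.16.0.2 255.255.0.0"


def to_network(addr_mask: str) -> ipaddress.IPv4Network:
    """Convert an ASA-style 'address mask' string into an IPv4Network."""
    addr, mask = addr_mask.split()
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def nat_object_for(src_ip: str):
    """Name of the NAT object whose subnet covers src_ip, or None if no object matches."""
    ip = ipaddress.IPv4Address(src_ip)
    for name, addr_mask in NAT_OBJECTS.items():
        if ip in to_network(addr_mask):
            return name
    return None


def return_path_for(src_ip: str):
    """How the ASA reaches src_ip for the reply: 'connected', a next-hop address, or None."""
    ip = ipaddress.IPv4Address(src_ip)
    if ip in to_network(INSIDE_IF):
        return "connected"
    best = None  # longest-prefix match over the inside routes
    for prefix, next_hop in INSIDE_ROUTES.items():
        net = to_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def check_host(src_ip: str) -> dict:
    """Summarise NAT coverage and return path for one inside host address."""
    return {
        "ip": src_ip,
        "nat_object": nat_object_for(src_ip),
        "return_path": return_path_for(src_ip),
    }


if __name__ == "__main__":
    # Constructed sample hosts: one in VLAN 10, one in VLAN 50, one on the
    # 172.16.0.0/24 transit subnet, one elsewhere in the /16 transit range,
    # and one in a 192.168.x.0 subnet that has no object network.
    for host in ["192.168.10.10", "192.168.50.10", "172.16.0.10",
                 "172.16.5.10", "192.168.1.10"]:
        print(check_host(host))
```

Running it shows that every VLAN host address is covered by an object and has a return route via 172.16.0.1, while a host outside the listed /24s (for example 172.16.5.10, which is inside the /16 inside interface but outside the LAN object's /24) gets `nat_object: None` and would leave the ASA untranslated.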

