
ASA 5585 Help with NAT

mhaism (MIS, AU), Dec 22, 2012
Hi guys,

I am new to the ASA arena, I may have made some silly mistakes. Please bear with me.

Situation: I need to access a XenDesktop server VM on the internal 192.168.24.x/24 network from the outside network 10.x.x.x. It is a VDI network so it must be through a web browser from the outside network.

The XenDesktop server VM is hosted on a 10.x.x.x vCenter server. At the moment both the inside and outside networks can ping and access telnet/ASDM on their ASA interfaces respectively. All pings across just keep timing out.

I have tried many different configs of NAT and ACLs. The situation seems simple but I just cannot seem to work it out :( please help.

Let me know if I need to post any configs, will do ASAP.
 

!
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address 10.XX.XX.XX 255.0.0.0
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address 192.168.24.98 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
interface Management0/1
shutdown
no nameif
no security-level
no ip address
management-only
!
interface TenGigabitEthernet0/8
shutdown
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet0/9
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
domain-name EASMDR.COM
same-security-traffic permit intra-interface
object network CiscoNet
subnet 10.XX.XX.XX 255.255.255.0
description CiscoNet
object network VDINetwork
range 192.168.24.30 192.168.24.60
description VDINetwork
object network VDIServer
host 192.168.24.33
description VDIServer
object service rdp
service tcp destination eq 3389
object service rdp_13389
service tcp destination eq 13389
object service vsphere
service tcp destination eq 44
object-group service DM_INLINE_SERVICE_1
service-object udp
service-object tcp
service-object tcp destination eq domain
service-object icmp
service-object ip
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq 137
service-object tcp destination eq 1604
service-object tcp destination eq 2598
service-object tcp destination eq 3389
service-object tcp destination eq 4001
service-object tcp destination eq 9427
service-object tcp destination eq citrix-ica
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object CiscoNet object VDINetwork
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu Outside 1500
mtu Inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (Outside,Inside) source static CiscoNet interface destination static interface VDIServer
nat (Inside,Outside) source dynamic any interface
access-group Outside_access_in in interface Outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.0.0.0 Outside
http 192.168.0.0 255.255.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.0.0.0 255.0.0.0 Outside
telnet 192.168.24.0 255.255.255.0 Inside
telnet timeout 20
ssh 192.168.24.0 255.255.255.0 management
ssh timeout 5
console timeout 0
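The following is an added example, not configuration from the original post or from any reply: one way to publish the single VDI host 192.168.24.33 on the Outside interface address using ASA 8.3+ object NAT with port translation, in place of the twice NAT line in the posted config, together with an interface ACL narrowed to the published ports and the packet-tracer check used to confirm the NAT and ACL match before involving a client. It assumes the ASA is running 8.3 or later (the reply below asks exactly this, and the `object network` / `nat (Inside,Outside) source ...` syntax in the post is 8.3+ style), that "web browser" access means TCP 80 and 443, that the VDI server's default gateway is the ASA Inside address 192.168.24.98, and that the default `global_policy` / `inspection_default` policy map exists so `inspect icmp` can be added. The object names `VDIServer_http` and `VDIServer_https` and the source address 10.1.2.3 in the trace are made up for the example.

```cisco
! Added example, not from the original post. Assumes ASA 8.3 or later and that
! 192.168.24.33 uses 192.168.24.98 (the ASA Inside interface) as its default gateway.
!
! Remove the posted twice NAT line (section 1, matched first) so the object NAT
! rules below are the ones that translate inbound connections to the Outside
! interface address.
no nat (Outside,Inside) source static CiscoNet interface destination static interface VDIServer
!
! A network object can carry only one nat statement, so use one object per
! published port. The object names are assumptions, not from the post.
! The posted outbound PAT line (nat (Inside,Outside) source dynamic any interface) stays as is.
object network VDIServer_http
 host 192.168.24.33
 nat (Inside,Outside) static interface service tcp www www
object network VDIServer_https
 host 192.168.24.33
 nat (Inside,Outside) static interface service tcp https https
!
! On 8.3+ the interface ACL matches the real (untranslated) address, so permit
! the outside network to the server's real IP. The posted line permits
! "service-object ip" from CiscoNet to the whole VDINetwork range; replace it
! with just the published ports. ICMP echo is allowed only for testing and
! should be removed once the browser path works.
no access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object CiscoNet object VDINetwork
access-list Outside_access_in extended permit tcp object CiscoNet object VDIServer eq www
access-list Outside_access_in extended permit tcp object CiscoNet object VDIServer eq https
access-list Outside_access_in extended permit icmp object CiscoNet object VDIServer echo
access-group Outside_access_in in interface Outside
!
! Without ICMP inspection the echo replies are not matched to the outbound echo
! and are dropped, which shows up as timeouts. Assumes the default global_policy
! and inspection_default class are present.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verify from the ASA itself before testing from a client. 10.1.2.3 is a
! constructed source address (use one inside CiscoNet); 10.XX.XX.XX is the
! masked Outside interface address from the post. The trace should show the
! NAT phase mapping the destination to 192.168.24.33 and end with ALLOW.
packet-tracer input Outside tcp 10.1.2.3 40000 10.XX.XX.XX 443
show nat detail
show xlate
```

If packet-tracer reports ALLOW but a browser on the outside network still cannot connect, the remaining suspects are on the server side (its default gateway not being 192.168.24.98, or a host firewall on the VM), and `show xlate` after an attempt tells you whether the connection reached the ASA at all.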
 
Which version do you have? I know there is a big difference between 8.2 and lower vs 8.3 and newer.
 