Same-security-traffic problems

[pgatt62]

Hello Again

Following on from the flash worries, I've now installed the ASA and can access the internet from both G0/1 & G0/2 networks. My only problem is that I acn't ping across the device from hosts on each different network.
I've enabled same-security-traffic and icmp inspect in the global policy all to no avail. Any suggestions would help immensely.
Regards etc pgatt62

 

[unclerico]

can you post your current config??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pgatt62]

Hey Unclerico

Thanks for the continued support. What I've done is created an ACL for each network and vice versa and then a nat 0 command and its working. Here it is for your perusal


same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list NON-NAT extended permit ip 172.24.16.0 255.255.252.0 172.24.20.0 255
.255.252.0
access-list NON-NAT extended permit ip 172.24.20.0 255.255.252.0 172.24.16.0 255
.255.252.0


icmp permit 172.24.20.0 255.255.252.0 inside1
icmp permit 172.24.16.0 255.255.252.0 inside2
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside1) 0 access-list NON-NAT
nat (inside1) 1 0.0.0.0 0.0.0.0
nat (inside2) 0 access-list NON-NAT
nat (inside2) 1 0.0.0.0 0.0.0.0


Regards etc pgatt62

 

[unclerico]

absolutely. you could do that or use identity nat, either way it works. good job.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pgatt62]

Thanks, thats high praise indeed!

 

[pgatt62]

You wouldn't believe it but after some further configuration I've lost the ping across internal networks.
AAARghhh!

Regards pgatt62