This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM and Cisco ASA 5005 NAT/routing

Hi, Our enviroment My LAN= 192.168.157.x and 3 computers (192.168.157.1 to 3) Customer LAN 2.14.224.x My Sophos UTM has 192.168.157.70 ip and an interface with 172.16.0.3 which is a exchange LAN created between out both LAN networks Cisco ASA has 172.16.0.1 and some objetcs defined NAT, for example: PC1 192.168.157.1 at ASA 172.16.0.1 and then, a rule to route traffic to 2.14....network At my Sophos there is a SourceNAT wich translates source ip 192.168.157.1 to 172.16 network changing to 172.16.0.1(in this case) Of course there is something wrong because I can not ping or telnet ports from my computer at 192.168.157.x Any ideas? Reagards

This thread was automatically locked due to age.

0 BAlfson over 9 years ago

Edgar, you should only need a firewall rule to allow traffic between subnets defined on UTM interfaces. All of the routing is done automatically by WebAdmin and the Configuration daemon, so your NAT rule is only needed if you've made a misconfiguration elsewhere.

Pinging is regulated on the 'ICMP' tab of firewall.

It's always a good idea to start troubleshooting with #1 in Rulz.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Edgar_Quintana over 9 years ago

Hi,

For example.. from computer 192.168.157.1 which has as gw 192.168.157.70, the utm. I have a routing rule like :

Route type: interface route
Network: 172.16.0.0/25
interface 7 which has 172.16.0.3

With this config, I can ping both 172.16.0.3 and the asa interface 172.16.0.1
The customer gave me a nat table like

pc1 192.168.1571 172.16.0.11 and a telnet server at 172.16.0.51 but I can not ping or telnet that server

Ideas?

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago

A network diagram would make the question easier to understand. [;)]

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel