We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


311 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene

    In the NAT table of the ASA why the subnets are /23. We are using /24.

    ASA1# nat: untranslation - OUTSIDE: to DMZ: (xp:0xab2b3980, policy:0xad2632a0)


  2. Thanks Rene . I have sorted out the issue when capturing the packet.Many Thanks

  3. I need help please

    I am using the same topology but but unable to telnet there is an an error % Connection timed out; remote host not responding

  4. Hello Naveed

    Make sure that all of the commands you have entered are as described in the lesson. Keep in mind also that you will require the use of an access list to allow the traffic to go through, otherwise it will be dropped. Specifically, for ASA versions before 8.3, you will need to issue the following command:

    ASA1(config)# access-list OUTSIDE_TO_DMZ extended permit tcp any host

    For version 8.3 and later, you will have to substitute the “real” IP address for the “NAT translated” address. So the command would look like this:

    ASA1(config)# access-list OUTSIDE_TO_DMZ extended permit tcp any host

    Depending on the version you have, you should put in the appropriate command.

    Try it out and let us know your results!

    I hope this has been helpful!


20 more replies! Ask a question or join the discussion by visiting our Community Forum