ASA 5505 help

- G
- Gary Quiring
  
  Contact options for registered users
posted
16 years ago

Mon, Jul 16, 2007 3:54 PM

We switched ISP's and had a PIX 515e. The new firewall is a ASA

5505. We use a managed service to configure our Cisco gear. When we switched to the ASA 5505 we are not able to get out to the web behind a Linksys router. The router IP is on the on main lan and behind the router is another lan. It works fine until we added a static map from the outside IP of the ISP to the IP of the Linksys router. If we delete the static map it works. My cisco guy is telling me the ASA is considering this a hack and it won't work. I don't buy this answer as it worked on the PIX and there must be some sort of work around.

Loading thread data ...

- G
- gcave
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Tue, Jul 17, 2007 1:35 AM

I sounds to me like you are not NATing the traffic on the ASA. First can you ping from behind your linksys to the inside interface of your ASA? Your ASA needs a route back to the LAN side of the Linksys. Do a route inside 10.1.1.0 255.255.255.0 10.1.1.254 (model your addressing), next make sure you are able to NAT the routes on the inside of the Linksys. You have a a global and a NAT command that work together.

global (outside) 1 interface nat (inside) 1 192.168.0.0 255.255.0.0

The above example will NAT any 192.168.x.x network address (not always a great idea) with the outside interface on the ASA you can substitute outside for a REAL address.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.