ASA 5505 help

We switched ISP's and had a PIX 515e. The new firewall is a ASA

5505. We use a managed service to configure our Cisco gear. When we switched to the ASA 5505 we are not able to get out to the web behind a Linksys router. The router IP is on the on main lan and behind the router is another lan. It works fine until we added a static map from the outside IP of the ISP to the IP of the Linksys router. If we delete the static map it works. My cisco guy is telling me the ASA is considering this a hack and it won't work. I don't buy this answer as it worked on the PIX and there must be some sort of work around.
Reply to
Gary Quiring
Loading thread data ...

I sounds to me like you are not NATing the traffic on the ASA. First can you ping from behind your linksys to the inside interface of your ASA? Your ASA needs a route back to the LAN side of the Linksys. Do a route inside (model your addressing), next make sure you are able to NAT the routes on the inside of the Linksys. You have a a global and a NAT command that work together.

global (outside) 1 interface nat (inside) 1

The above example will NAT any 192.168.x.x network address (not always a great idea) with the outside interface on the ASA you can substitute outside for a REAL address.

Reply to
gcave Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.