https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012880#M440599 <P>Hello,</P><P></P><P>i have an intressted problem with my ASA 5510 CSC</P><P></P><P>i configured many firewalls till yet and i configure the normal static often times but this time it is not working as assumed.</P><P></P><P>Cisco ASA 5510 in failover</P><P></P><P></P><P>Public Network: is a x.x.x.128 /28</P><P></P><P>the two ip's that are configured on the outside(.130 &amp;.131) are working fine with pat and static etc.</P><P></P><P>but when i configure the third public ip in the subnet with a static </P><P></P><P> static (inside,outside) x.x.x.133 172.x.x.x netmask 255.255.255.255</P><P></P><P>it is not working </P><P></P><P>the firewall has an default route to the ISP Router x.x.x.129</P><P></P><P>Here a capture </P><P></P><P>fw-001(config)# sh run access-list vpn<BR /> access-list test extended permit tcp any host x.x.x.132 eq 3389<BR /> access-list test extended permit tcp host x.x.x.132 any eq 3389<BR /> <BR /> fw-at-klu-serA-001(config)# sh capture<BR /> capture vpn type raw-data access-list test interface outside [Capturing - 0 bytes]</P><P></P><P>i try to access a server with rdp from the outside but no hit. </P><P></P><P>when i set an traceroute from an client to the .130 the fw is working, if i trace to .132 the last hop that i can see is the one hop ago the ISP onsite Router the .129</P><P> <BR /> i thought that be an routing issue on the Provider site but they told me that everything is fine, because when i connect me with a PC to the Internet VLAN and give it the ip x.x.x.132 it is working fine. The Provider also told me during the test he cannot see an arp enrtry in the ISP Router from .132</P><P></P><P><BR /> has somebody an idea ? </P><P></P><P>BR,</P><P>Martin </P> Mon, 11 Mar 2019 23:21:36 GMT prutejmartin 2019-03-11T23:21:36Z https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012880#M440599 <P>Hello,</P><P></P><P>i have an intressted problem with my ASA 5510 CSC</P><P></P><P>i configured many firewalls till yet and i configure the normal static often times but this time it is not working as assumed.</P><P></P><P>Cisco ASA 5510 in failover</P><P></P><P></P><P>Public Network: is a x.x.x.128 /28</P><P></P><P>the two ip's that are configured on the outside(.130 &amp;.131) are working fine with pat and static etc.</P><P></P><P>but when i configure the third public ip in the subnet with a static </P><P></P><P> static (inside,outside) x.x.x.133 172.x.x.x netmask 255.255.255.255</P><P></P><P>it is not working </P><P></P><P>the firewall has an default route to the ISP Router x.x.x.129</P><P></P><P>Here a capture </P><P></P><P>fw-001(config)# sh run access-list vpn<BR /> access-list test extended permit tcp any host x.x.x.132 eq 3389<BR /> access-list test extended permit tcp host x.x.x.132 any eq 3389<BR /> <BR /> fw-at-klu-serA-001(config)# sh capture<BR /> capture vpn type raw-data access-list test interface outside [Capturing - 0 bytes]</P><P></P><P>i try to access a server with rdp from the outside but no hit. </P><P></P><P>when i set an traceroute from an client to the .130 the fw is working, if i trace to .132 the last hop that i can see is the one hop ago the ISP onsite Router the .129</P><P> <BR /> i thought that be an routing issue on the Provider site but they told me that everything is fine, because when i connect me with a PC to the Internet VLAN and give it the ip x.x.x.132 it is working fine. The Provider also told me during the test he cannot see an arp enrtry in the ISP Router from .132</P><P></P><P><BR /> has somebody an idea ? </P><P></P><P>BR,</P><P>Martin </P> Mon, 11 Mar 2019 23:21:36 GMT https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012880#M440599 prutejmartin 2019-03-11T23:21:36Z https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012881#M440602 <HTML><HEAD></HEAD><BODY><P>Hi Martin,</P><P>Can you please check your Nat again :- </P><P>your Static command show .133 and you are complaing about 132. Is that a typo here or is also a typo on the firewall.</P><P></P><P>Also can you please check the Subnet Mask on your outside interface for /28 &amp; have your ISP clear arp cache on their end.</P><P></P><P>Manish </P></BODY></HTML> Wed, 20 Jun 2012 23:36:36 GMT https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012881#M440602 manish arora 2012-06-20T23:36:36Z https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012882#M440604 <HTML><HEAD></HEAD><BODY><P>Hi Manish,</P><P></P><P>problem is resolved, the problem was that proxy arp on the outside interface was disabled !!! </P><P></P><P></P><P>thnaks for your help</P><P></P><P>Br,</P><P>Martin </P></BODY></HTML> Thu, 21 Jun 2012 07:41:40 GMT https://community.cisco.com/t5/network-security/cisco-asa-problem-with-third-public-ip-address-in-the-subnet/m-p/2012882#M440604 prutejmartin 2012-06-21T07:41:40Z