topic Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4 in Network Security

ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Mon, 11 Mar 2019 22:14:37 GMT

Hi, I hope someone can help me. An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server bhind it from some trusted IP's.

I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. Can anyone help me by telling what I should change to get it working again?

Thx very much!

cisco# sh ru

: Saved

ASA Version 8.4(3)

hostname cisco

domain-name domainname.com

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd MOhAB706upGiCD8v encrypted

names

name XX.XX.152.102 ipOutside

name 172.16.152.126 ipInside

name XX.XX.152.126 ipGateway

name XX.XX.154.12 ipTimeServer

name XX.XX.227.113 srcJaapHQ

name XX.XX.36.186 srcJaapHQ2

name XX.XX.74.202 srcCasperHome

name 172.16.152.103 svrWE02_ILO_Inside

name XX.XX.152.103 svrWE02_ILO_Outside

name 172.16.152.104 svrWE02Inside

name XX.XX.152.104 svrWE02Outside

name XX.XX.198.101 srcEvoSwitch

dns-guard

interface Ethernet0/0

nameif outside

security-level 0

ip address ipOutside 255.255.255.224

interface Ethernet0/1

nameif inside

security-level 100

ip address ipInside 255.255.255.0

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

boot system disk0:/asa843-k8.bin

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns server-group DefaultDNS

domain-name webenable.nl

object-group network obj-172.16.152.0

object-group network svrWE02Inside

object-group network svrWE02Outside

object-group network obj_any

object-group network svrWE02_ILO_Outside

object-group network FullyTrustedSources

network-object host srcCasperHome

network-object host srcJaapHQ

network-object host srcJaapHQ2

network-object host srcEvoSwitch

object-group service Services_NonPublic_WE02ILO tcp

port-object eq www

object-group service Services_NonPublic_WE02 tcp

port-object eq 3389

port-object eq www

access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255.0

access-list Private standard permit 172.16.199.0 255.255.255.0

access-list outside_access_in extended permit icmp object-group FullyTrustedSources any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 ipGateway 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication enable console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http srcJaapHQ 255.255.255.255 outside

http srcJaapHQ2 255.255.255.255 outside

http srcCasperHome 255.255.255.255 outside

http 172.16.152.0 255.255.255.0 inside

http srcEvoSwitch 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh srcJaapHQ 255.255.255.255 outside

ssh srcJaapHQ2 255.255.255.255 outside

ssh srcCasperHome 255.255.255.255 outside

ssh srcEvoSwitch 255.255.255.255 outside

ssh 172.16.152.0 255.255.255.0 inside

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 5

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server ipTimeServer source outside prefer

ssl encryption des-sha1

webvpn

username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

no active

destination address http

https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email

callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:cb5e56b7cbba929561d64f896d7c7076

: end

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

andrew.prince — Sun, 15 Jan 2012 20:38:26 GMT

compare the config before the upgrade from 8.2 > 8.3 to see the differences

Sent from Cisco Technical Support iPad App

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Sun, 15 Jan 2012 20:45:40 GMT

Sure, I did that. I noticed that the configurationsyntax has changed, and was converted automatically. Unfortunately not in a correct way. Since I am not familiar with this new syntax, I hope some expert will help me...

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

andrew.prince — Sun, 15 Jan 2012 20:53:13 GMT

post the before and after config changes

Sent from Cisco Technical Support iPad App

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Sun, 15 Jan 2012 21:17:35 GMT

This is the working 8.2 config...

cisco# sh ru

: Saved

ASA Version 8.2(3)

hostname cisco

domain-name domainname.com

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd MOhAB706upGiCD8v encrypted

names

name XX.XX.152.102 ipOutside

name 172.16.152.126 ipInside

name XX.XX.152.126 ipGateway

name XX.XX.154.12 ipTimeServer

name XX.XX.227.113 srcJaapHQ

name XX.XX.36.186 srcJaapHQ2

name XX.XX.74.202 srcCasperHome

name 172.16.152.103 svrWE02_ILO_Inside

name XX.XX.152.103 svrWE02_ILO_Outside

name 172.16.152.104 svrWE02Inside

name XX.XX.152.104 svrWE02Outside

name XX.XX.198.101 srcEvoSwitch

dns-guard

interface Ethernet0/0

nameif outside

security-level 0

ip address ipOutside 255.255.255.224

interface Ethernet0/1

nameif inside

security-level 100

ip address ipInside 255.255.255.0

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

boot system disk0:/asa823-k8.bin

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns server-group DefaultDNS

domain-name webenable.nl

object-group network FullyTrustedSources

network-object host srcCasperHome

network-object host srcJaapHQ

network-object host srcJaapHQ2

network-object host srcEvoSwitch

object-group service Services_NonPublic_WE02ILO tcp

port-object eq www

object-group service Services_NonPublic_WE02 tcp

port-object eq 3389

port-object eq www

access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255 .0

access-list Private standard permit 172.16.199.0 255.255.255.0

access-list outside_access_in extended permit icmp object-group FullyTrustedSour ces any

access-list outside_access_in extended permit tcp object-group FullyTrustedSourc es host svrWE02_ILO_Outside object-group Services_NonPublic_WE02ILO

access-list outside_access_in extended permit tcp object-group FullyTrustedSourc es host svrWE02Outside object-group Services_NonPublic_WE02

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) svrWE02Outside svrWE02Inside netmask 255.255.255.255 dns

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 ipGateway 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication enable console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http srcJaapHQ 255.255.255.255 outside

http srcJaapHQ2 255.255.255.255 outside

http srcCasperHome 255.255.255.255 outside

http 172.16.152.0 255.255.255.0 inside

http srcEvoSwitch 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh srcJaapHQ 255.255.255.255 outside

ssh srcJaapHQ2 255.255.255.255 outside

ssh srcCasperHome 255.255.255.255 outside

ssh srcEvoSwitch 255.255.255.255 outside

ssh 172.16.152.0 255.255.255.0 inside

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 5

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server ipTimeServer source outside prefer

ssl encryption des-sha1

webvpn

username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

no active

destination address http

https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email

callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:c1b8bfe8908dc6a75844416f896b1845

: end

cisco# sh ru

: Saved

ASA Version 8.2(3)

hostname cisco

domain-name webenable.nl

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd MOhAB706upGiCD8v encrypted

names

name XX.XX.152.102 ipOutside

name 172.16.152.126 ipInside

name XX.XX.152.126 ipGateway

name 213.239.154.12 ipTimeServer

name 213.144.227.113 srcJaapHQ

name 95.97.36.186 srcJaapHQ2

name 213.125.74.202 srcCasperHome

name 172.16.152.103 svrWE02_ILO_Inside

name XX.XX.152.103 svrWE02_ILO_Outside

name 172.16.152.104 svrWE02Inside

name XX.XX.152.104 svrWE02Outside

name XX.XX.198.101 srcEvoSwitch

dns-guard

interface Ethernet0/0

nameif outside

security-level 0

ip address ipOutside 255.255.255.224

interface Ethernet0/1

nameif inside

security-level 100

ip address ipInside 255.255.255.0

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

boot system disk0:/asa823-k8.bin

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns server-group DefaultDNS

domain-name webenable.nl

object-group network FullyTrustedSources

network-object host srcCasperHome

network-object host srcJaapHQ

network-object host srcJaapHQ2

network-object host srcEvoSwitch

object-group service Services_NonPublic_WE02ILO tcp

port-object eq www

object-group service Services_NonPublic_WE02 tcp

port-object eq 3389

port-object eq www

access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255 .0

access-list Private standard permit 172.16.199.0 255.255.255.0

access-list outside_access_in extended permit icmp object-group FullyTrustedSour ces any

access-list outside_access_in extended permit tcp object-group FullyTrustedSourc es host svrWE02_ILO_Outside object-group Services_NonPublic_WE02ILO

access-list outside_access_in extended permit tcp object-group FullyTrustedSourc es host svrWE02Outside object-group Services_NonPublic_WE02

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) svrWE02Outside svrWE02Inside netmask 255.255.255.255 dns

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 ipGateway 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication enable console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http srcJaapHQ 255.255.255.255 outside

http srcJaapHQ2 255.255.255.255 outside

http srcCasperHome 255.255.255.255 outside

http 172.16.152.0 255.255.255.0 inside

http srcEvoSwitch 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh srcJaapHQ 255.255.255.255 outside

ssh srcJaapHQ2 255.255.255.255 outside

ssh srcCasperHome 255.255.255.255 outside

ssh srcEvoSwitch 255.255.255.255 outside

ssh 172.16.152.0 255.255.255.0 inside

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 5

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server ipTimeServer source outside prefer

ssl encryption des-sha1

webvpn

username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

no active

destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email

callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:c1b8bfe8908dc6a75844416f896b1845

: end

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

andrew.prince — Sun, 15 Jan 2012 22:47:54 GMT

you are missing config on the outside_in access list, and your nat config missing. Fix these 2 things and it should all work for you.

Sent from Cisco Technical Support iPad App

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Mon, 16 Jan 2012 10:03:58 GMT

Ok, thanks! I made the changes according to this tutorial-video: https://supportforums.cisco.com/docs/DOC-12324

and it works!

Great!

Re: ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Mon, 16 Jan 2012 10:47:54 GMT

For anyone else who needs a simple ASA5510 config with some static routes to use webservers, here's the basic config:

ASA Version 8.4(3)

hostname cisco

domain-name domainname.com

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd MOhAB706upGiCD8v encrypted

names

name XX.XX.152.102 ipOutside

name 172.16.152.126 ipInside

name XX.XX.152.126 ipGateway

name 213.239.154.12 ipTimeServer

name XX.XX.74.202 srcHome

dns-guard

interface Ethernet0/0

nameif outside

security-level 0

ip address ipOutside 255.255.255.224

interface Ethernet0/1

nameif inside

security-level 100

ip address ipInside 255.255.255.0

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns server-group DefaultDNS

domain-name webenable.nl

object network svrWE02

host 172.16.152.104

object network svrWE02ILO

host 172.16.152.103

object-group network FullyTrustedSources

network-object host srcHome

object-group service Services_NonPublic_WE02ILO tcp

port-object eq www

port-object eq https

port-object eq ssh

port-object eq 17990

port-object eq 17988

port-object eq 623

object-group service Services_NonPublic_WE02 tcp

port-object eq 3389

port-object eq www

access-list inside_nat0_outbound extended permit ip any 172.16.152.0 255.255.255.0

access-list Private standard permit 172.16.152.0 255.255.255.0

access-list outside_access_in extended permit icmp object-group FullyTrustedSources any

access-list outside_access_in extended permit tcp object-group FullyTrustedSources host 172.16.152.104 object-group Services_NonPublic_WE02

access-list outside_access_in extended permit tcp object-group FullyTrustedSources host 172.16.152.103 object-group Services_NonPublic_WE02ILO

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

object network svrWE02

nat (inside,outside) static XX.XX.152.104

object network svrWE02ILO

nat (inside,outside) static XX.XX.152.103

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 ipGateway 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication enable console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http srcHome 255.255.255.255 outside

http 172.16.152.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh srcHome 255.255.255.255 outside

ssh 172.16.152.0 255.255.255.0 inside

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 5

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server ipTimeServer source outside prefer

ssl encryption des-sha1

webvpn

username admin password ztUzXsDyW6EdO7Uz encrypted privilege 15

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

prompt hostname context

Cryptochecksum:8b55959660d6ea2b0359d80b83d414bc

: end

ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Davy Ad — Wed, 18 Apr 2012 11:41:36 GMT

Hello ,

Could you help please?

I have the same problem like yours I upgraded from 8.0 to 8.4(2), but i can access Internet at the moment.

Would youtry to explaine how to configure you nat please

In my case i have these ;

nat (inside) 1 00

global (outside) 1 interface

nat ( inside ) 0 access-list inside-nat0-outbound

global (inside) 2 interface

I would be glad on your feed bac

Cheers

ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Wed, 18 Apr 2012 12:06:03 GMT

The upgrade does make some 'changes' but I my case the firewall did not function anymore. I'll try to help you, but first you should tell what you want the ASA to do _exactly_.

ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Davy Ad — Wed, 18 Apr 2012 12:30:47 GMT

I just want to be connected to Internet , although my ASA5510 are in Active /Standby mode

ASA5510 not working ok after upgrade 8.2 -> 8.3 -> 8.4

Casperdegeus — Tue, 24 Apr 2012 07:30:21 GMT

Ok, then you should add a static route like this (for one server to access the internet),

where YourInsideServerIP could be like 10.0.0.1, YourGatewayIP 10.0.0.254

object network YourServerName

host YourInsideServerIP

object network YourServerName

nat (inside,outside) static YourOutsideIP

access-list inside_nat0_outbound extended permit ip any 10.0.0.0 255.255.255.0

access-list Private standard permit 10.0.0.0 255.255.255.0

route outside 0.0.0.0 0.0.0.0 YourGatewayIP 1