https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285474#M793691 <HTML><HEAD></HEAD><BODY><P>I found out something.</P><P></P><P>It seems to be an MTU problem. Normal (default) ping is ok. Ping with -l switch, gives problems. A packet size of 214 is ok, from 215 it goes wrong.. </P><P>Client is behind WLC controller btw..</P><P>Maybe the problem is on the WLC... </P></BODY></HTML> Thu, 17 Sep 2009 07:54:40 GMT remco.gussen 2009-09-17T07:54:40Z https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285472#M793689 <P>We have an ASA 5550 cluster behind a PIX 525 firewall. I'm trying to connect to the internet that is behind the PIX 525 from an inside host behind the ASA. I configured overload on the ASA outside interface (Dynamic NAT rule). The ASA outside interface is connected to the PIX 525 DMZ segment. Also, there is a Dynamic NAT rule on the PIX for overloading all DMZ addresses to the Outside PIX interface (Internet).</P><P>From my inside host i can ping addresses on the internet (<A href="http://www.google.nl" target="_blank">www.google.nl</A>), but a websession is not possible. On both firewalls the NAT rules are ok,firewall policies permit ip any.</P><P>I also did a test to make a static nat rule for port 3389 on the PIX and on the ASA. I tried to set up a RDP connection form the Internet to my inside host. Netstat -an on inside host display an "Established" connection on port 3389 from the Outside internet host.. On my outside Internet host, it takes 30 seconds, noting there...</P><P>I don't know where to find the solution to this problem.. </P> Tue, 26 Mar 2019 00:43:23 GMT https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285472#M793689 remco.gussen 2019-03-26T00:43:23Z https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285473#M793690 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>what does the log of Pix &amp; ASA shows.</P><P></P><P>Thanks </P><P>AP</P></BODY></HTML> Thu, 17 Sep 2009 07:16:22 GMT https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285473#M793690 apdatasoft 2009-09-17T07:16:22Z https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285474#M793691 <HTML><HEAD></HEAD><BODY><P>I found out something.</P><P></P><P>It seems to be an MTU problem. Normal (default) ping is ok. Ping with -l switch, gives problems. A packet size of 214 is ok, from 215 it goes wrong.. </P><P>Client is behind WLC controller btw..</P><P>Maybe the problem is on the WLC... </P></BODY></HTML> Thu, 17 Sep 2009 07:54:40 GMT https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285474#M793691 remco.gussen 2009-09-17T07:54:40Z https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285475#M793692 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> What is the version running on your WLC,as there is a know bug for MTU less than 1500 on WLC.The solution is to upgrade the controller firmware to 4.0(155)</P><P></P><P>thanks</P><P></P><P>Sachin Verma</P></BODY></HTML> Thu, 17 Sep 2009 11:23:39 GMT https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285475#M793692 sachin.verma 2009-09-17T11:23:39Z https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285476#M793693 <HTML><HEAD></HEAD><BODY><P>6.0.182.0</P><P></P><P>Newest version !!!</P><P></P><P></P></BODY></HTML> Thu, 17 Sep 2009 11:42:56 GMT https://community.cisco.com/t5/network-security/asa-behind-pix-problems/m-p/1285476#M793693 remco.gussen 2009-09-17T11:42:56Z