cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


500
Views
10
Helpful
38
Replies

Re: Cisco ASA 5506 DMZ setup

Yes nameif DMZ and security-level 20. Removed the configuration on the old interface and shut it down. Did a no shut on the new interface and it stays down down.

Beginner

Re: Cisco ASA 5506 DMZ setup

This is strange, suggest you to contact cisco TAC.



HTH
### RATE ALL HELPFUL RESPONSES ###

Re: Cisco ASA 5506 DMZ setup

I already have a TAC opened with our supplier, am waiting on their response. Behaviour is very strange because all interfaces from gi1/5 to gi1/8 are showing the same error. Only gi1/4 will come to a up up state but will not communicate with the switch but will have connected links on the interfaces.

VIP Advocate

Re: Cisco ASA 5506 DMZ setup

Have you checked show conn detail to make sure the connections are being forwarded between the correct interfaces?

Another thing to check is show xlate and make sure NAT is being seen correctly.

dont be too hung up in show arp at the moment.  Instead be more concerned with show mac. Are you seeing a mac address on that interface?

Lastly have you tried a reload?  It is possible that there are some processes that are hanging.

--
Please remember to rate and select a correct answer

Re: Cisco ASA 5506 DMZ setup

Hello Marius,

 

Yes the sh conn detailed only shows connections on the outside to the voice and inside networks. NAT is correct on the voice and inside network on the sh xlate. sh mac on the uplink interface of the switch to the ASA interface is not showing. Reload I have to coordinate because this ASA is production.

 

VIP Advocate

Re: Cisco ASA 5506 DMZ setup

Ok, let us know if you are able to perform a reload of the ASA.  I have seen similar issues where traffic isnt passing, clear conn did nothing, but reload solved the issue. 

--
Please remember to rate and select a correct answer

View solution in original post

Re: Cisco ASA 5506 DMZ setup

Thank you Marius, that did the trick. I now have normal connection on the dmz host and now can apply the acl to let the outside in on the DMZ.

Beginner

Re: Cisco ASA 5506 DMZ setup

Good to hear your problem is solved.
I was also thinking to ask you for reboot but after seeing the device is up for more than a year it will be hard to ask you for a reboot and also was not 100% sure that it will resolve your problem.

HTH
### RATE ALL HELPFUL RESPONSES ###
Highlighted

Re: Cisco ASA 5506 DMZ setup

Also thanks for you help bhargavdesai, am now looking at the correct acl for http and https access. But that will be no problem.