Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4471
Views
58
Helpful
32
Replies

Having trouble matching Old PIX and new ASA configs

Go to solution
KingPrawns
Level 1
Level 1

‎07-15-2011 04:59 AM - edited ‎03-11-2019 01:59 PM

Hi, I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail.

First problem I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config.

Secondly, the server I have on there ("Sar") can't connect out to the internet.

I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on.

Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.

Cheers,

Labels:
103230-runningConf.txt.zip
0 Helpful
32 Replies 32

Go to solution
varrao
Level 10
Level 10
In response to varrao

‎09-22-2011 07:09 AM

Hi Wez,

Thanks for the data, as you can see in the captures, as soon as the firewall sends a request for the connection, the server is sending a Reset for it, so I woudl suggest you to troubleshoot why the server is sending a reset. Ceck if any firewall on the server is blocking the connection. Try putting an exception for the port 80.

S -------> SYN      (initial connection request)

R -------> Reset

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
KingPrawns
Level 1
Level 1
In response to varrao

‎09-22-2011 07:13 AM

I think I've fixed it!

The captures were returning with it all clear, so I did some digging and it looks like there was an entry in the registry for the old ip address that stopped IIS from returning any sites.

(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Pa rameters\ListenOnlyList in case anyone else has the problem.)

Once again, much appreciated!

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to KingPrawns

‎09-22-2011 07:16 AM

Hey thats great!!!!!!!! Thanks for the rating

-Varun

Thanks,
Varun Rao
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card