04-01-2009 10:03 AM - edited 03-11-2019 08:13 AM
Reposting in a new thread since the old one seems to have died...
I'm migrating from a PIX 515 to an ASA 5520. The config was created using the PIX to ASA migration tool. The ASDM Packet Tracer shows outbound traffic failing due to NAT.
Config
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (199.216.81.20)
translate_hits = 971, untranslate_hits = 74
The old PIX config:
global (outside) 1 199.216.81.20
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
The new ASA config:
global (outside) 1 199.216.81.20 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0
Any thoughts on why it might be failing?
Rob
04-01-2009 02:07 PM
"Ever see Office Space? This ASA is looking more and more like the fax machine from that movie... :)"
Is that a movie? - never seen it but don't despair.
172.16.130.67 is part of the management VLAN. What happens if you ping from an internal IP address that is not part of the management VLAN? Is this possible?
Jon
04-01-2009 02:44 PM
Yes it's a movie and I recommend it. :)
Now some good news - I can surf from our remote sites on other subnets. Jon thank you for suggesting that. Some progress!
What do I need to change to allow 172.16.128.0/22?
04-01-2009 03:00 PM
Robert
"What do I need to change to allow 172.16.128.0/22?"
Not sure, to be honest. Is there a reason why you want the management VLAN to be able to access the Internet, as the management VLAN is primarily for managing the ASA device, not providing access?
Office Space - okay, if I can find it I'll have a look, but it had better be good :-)
Jon
04-01-2009 03:10 PM
It's not actually the management VLAN; it's the subnet of our main office where the device is housed. I was using that to remotely configure the device.
Ultimately I need to change the IP/subnet/VLAN of the management interface.
04-01-2009 03:36 PM
Robert
I suspect the issues you are experiencing are to do with the fact you are using the management interface.
It's times like these I wish I had an ASA device to play with :-)
Jon
04-02-2009 08:22 AM
Jon,
Well, I removed all references to that management interface - shut it right down and unplugged it.
I remain able to surf at our remote sites, but not here at the central office.
Rob