12-30-2014 02:15 AM - edited 03-11-2019 10:17 PM
Hello, we have recently purchased a new Cisco ASA 5545-x running version 9.1 with ASDM 7.1. I was able to configure the firewall for internal access to the outside, and have our remote site-to-site VPN tunnels working.
However, when I try to configure static PAT and ACLs for access to our internal servers, our outside network is unable to access our inside servers that are connected to the DMZ interface, but the hosts on the inside are able to access the servers located in the DMZ.
Outside traffic is trying to access the servers below from the gateway through the DMZ.
Below are the IPs for the DMZ, inside, and outside interfaces:
Context: single_vf, Interface: DMZ
192.168.200.46 Active 0016.3e1a.6c1d hits 0
192.168.200.45 Active 00ff.4cdb.3a68 hits 353
192.168.200.37 Active 0026.557e.c22a hits 9
192.168.200.5 Active 0023.7de9.06f4 hits 17060
192.168.200.44 Active 18a9.0576.edd8 hits 193
192.168.200.220 Active 0023.ead2.34c0 hits 134
192.168.200.47 Active f4ce.4680.77c4 hits 5
192.168.200.35 Active 0026.557c.1d80 hits 10496
192.168.200.36 Active 0016.3e5c.6400 hits 40
Context: single_vf, Interface: inside
192.168.55.2 Active 0000.0c07.ac37 hits 491437
Context: single_vf, Interface: outside
87.101.181.165 Active 0024.1466.12e7 hits 3179
86.51.14.50 Active 0024.1466.12e7 hits 190993
I have attached a running config as well for your reference.
I have this configuration working on the ASA 5510; unfortunately, I had to roll back to this ASA 5510 firewall from the new one, the ASA 5545-x.
Please advise.
Thank you...
Farooq Mirza.
12-30-2014 02:24 AM
Hi,
I think you would need to share the Non-Working configuration from the ASA device as well.
Also, try to run the packet tracer simulating the traffic from the Outside to Inside and see which policy is dropping the traffic for you.
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer
Thanks and Regards,
Vibhor Amrodia
12-30-2014 05:12 AM
It is a little unclear if you are trying to access the servers from the internet or if you are having problems accessing the servers over the VPN?
If you are trying to access the servers over the VPN then make sure that the server IP addresses are included in the VPN ACL and that this traffic is also excluded from being NATed. This needs to be done at both ends of the VPN tunnel.
If you require further help, please be more specific in where you are trying to access the servers from and, if this is over the VPN, please provide the running config from both sites. This should be the running config of the two ASAs that are working incorrectly and not the running config of the rollback ASA.
--
Please remember to select a correct answer and rate helpful posts
12-30-2014 06:12 AM
12-30-2014 09:59 PM