Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1026
Views
0
Helpful
1
Replies

ASA not passing traffic to new servers, same IP

RichardBeach46587
Level 1
Level 1

‎04-27-2020 08:01 AM

Hello all,

Just want to bounce this off you...

 

Today during an upgrade of a server I changed the physical server with a new server. Same IP address and an updated version of Zimbra mail. However, after I moved to the new server (Centos7) I am unable to get to the server through the ASA. Internally I am able to reach the mail server fine. 

 

Nothing changed on the ASA...Nat rules are the same, access rules are the same

 

I flushed the arp records...

 

I even rebooted the whole system. (ASA)

 

I verified that SELINUX and iptables are off on the server...

 

Is there anything you can think of that I might not have? 

 

Thanks for the help...

 

Rich

0 Helpful
1 Reply 1

caroldso
Cisco Employee
Cisco Employee

‎04-29-2020 10:15 PM

Hi Rich,

 

We need to first confirm if the packets are reaching the ASA and being sent out as well which can be done by configuring packet captures on the ingress and egress interfaces of the ASA by the below commands:

 

capture <capin> interface <inside> match <ip> host <src IP> host <dst IP>

capture <capout> interface <outside> match <ip> host <src IP> host <dst IP>

 

asp captures would capture any packets dropped by the ASA:

 

capture <asp> type asp-drop all

 

The packet captures to be viewed by the command:

 

show capture <capture_name>

 

If we do see packets leaving the ASA, we will have to check on the devices between the ASA and the server and trace the same.

 

Thanks,

Carol

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card