04-20-2011 07:40 AM - edited 03-11-2019 01:23 PM
We have 2 firewalls on PIX facing the Internet and connected to interface e1 (behind it) an ASA version 8.3
Both the PIX (Firewall facing) and the ASA are on the same subnet.
By using Routing statements and statics I have been able to reroute specific traffic to the ASA5520 version 8.3
Now I need to inverse the 2 devices. The ASA5520 will be facing the Internet and the PIX will be behind it.
Unfortunately the ASA5520 is refusing to route the traffic to the PIX. The access-lists are open accordingly and a NAT on the ASA has been created.
Any ideas?
Many Thanks
Jacques
04-20-2011 08:06 AM
Jacques,
There are too many things that can go wrong to speculate without any information. Can you attach your configs? What do you see in the syslogs? You can run packet captures on all the Pix and ASA interfaces with the capture command. This can help you tell whether the devices are receiving the traffic in question on the ingress interface and forwarding it out the appropriate egress interface.
Thanks,
Brendan
04-21-2011 03:21 AM
Hi, Thanks but now everything is in order
basically Static to be configured, ensure that the Security Level on the Interfaces aren't the same (it was 0 ) on both interfaces and create an access-list for Outgoing traffic.
Regards
Jacques
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide