08-16-2011 11:04 AM - edited 03-11-2019 02:12 PM
Not sure why it doesn't work...I even created a capture of any any and the ASA doesn't even see the traffic to .137. It does see traffic to .136. As far as I can see, the config is identical. Packet Tracer says my config is good. Internet connectivity is good but I can't hit anything on .137. I have verified that the internal host is indeed open on those ports (as it works when the pix is in place and not when the asa is in place)
Can a fresh set of eyes help me?
I have attached the old pix config (firewallpix.txt), the new asa config (asa.txt) and the results of packet tracer (packettracer.txt)
Thanks in advanced!
Solved! Go to Solution.
08-16-2011 11:22 AM
Yes, if the router still has the arp entrues for the pix device then you would not even see the packets reaching the ASA interface, so yes the captures are correct. The router woudl not know which interface to route the packets without the correct mac-address entry into the table. I am very positive this hould resolve it for you. You can try it and let me know the result.
-Varun
08-16-2011 11:08 AM
Hi Jomar,
You migt just need to reload all the device, so that the arp tables are cleared and neqw arp entry for your ASA is craeted, try it and let me know if it works.
Thanks,
Varun
Please rate if helpful.
08-16-2011 11:19 AM
Very good point Varun! But wouldn't I still see the traffic going to .137 in a capture?
I had to roll back and add the pix back since this is for an email server. I will try again tomorrow
08-16-2011 11:22 AM
Yes, if the router still has the arp entrues for the pix device then you would not even see the packets reaching the ASA interface, so yes the captures are correct. The router woudl not know which interface to route the packets without the correct mac-address entry into the table. I am very positive this hould resolve it for you. You can try it and let me know the result.
-Varun
08-16-2011 12:27 PM
Thanks Varun.
There is no router involved though. Do you mean the ISP router? I can't clear those ARP entries. The ASA is directly connected to the smartjack.
08-17-2011 09:23 AM
You were correct. Client informed me of a modem that was on site. Once we restarted it, everything went well!
Thanks for the insight!
08-17-2011 09:29 AM
Glad it work well for you , thanks for the rating.
-Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide