Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1141
Views
0
Helpful
6
Replies

Migrating from a PIX to ASA. Access lists don't work..

Go to solution
jomar050485
Level 1
Level 1

‎08-16-2011 11:04 AM - edited ‎03-11-2019 02:12 PM

Not sure why it doesn't work...I even created a capture of any any and the ASA doesn't even see the traffic to .137. It does see traffic to .136. As far as I can see, the config is identical. Packet Tracer says my config is good. Internet connectivity is good but I can't hit anything on .137. I have verified that the internal host is indeed open on those ports (as it works when the pix is in place and not when the asa is in place)

Can a fresh set of eyes help me?

I have attached the old pix config (firewallpix.txt), the new asa config (asa.txt) and the results of packet tracer (packettracer.txt)

Thanks in advanced!

Labels:
111981-asa.txt.zip
111977-packetracer.txt.zip
111982-pixfirewall.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to jomar050485

‎08-16-2011 11:22 AM

Yes, if the router still has the arp entrues for the pix device then you would not even see the packets reaching the ASA interface, so yes the captures are correct. The router woudl not know which interface to route the packets without the correct mac-address entry into the table. I am very positive this hould resolve it for you. You can try it and let me know the result.

-Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
6 Replies 6

Go to solution
varrao
Level 10
Level 10

‎08-16-2011 11:08 AM

Hi Jomar,

You migt just need to reload all the device, so that the arp tables are cleared and neqw arp entry for your ASA is craeted, try it and let me know if it works.

Thanks,

Varun

Please rate if helpful.

Thanks,
Varun Rao
0 Helpful

Go to solution
jomar050485
Level 1
Level 1
In response to varrao

‎08-16-2011 11:19 AM

Very good point Varun! But wouldn't I still see the traffic going to .137 in a capture?

I had to roll back and add the pix back since this is for an email server. I will try again tomorrow

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to jomar050485

‎08-16-2011 11:22 AM

Yes, if the router still has the arp entrues for the pix device then you would not even see the packets reaching the ASA interface, so yes the captures are correct. The router woudl not know which interface to route the packets without the correct mac-address entry into the table. I am very positive this hould resolve it for you. You can try it and let me know the result.

-Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
jomar050485
Level 1
Level 1
In response to varrao

‎08-16-2011 12:27 PM

Thanks Varun.

There is no router involved though. Do you mean the ISP router? I can't clear those ARP entries. The ASA is directly connected to the smartjack.

0 Helpful

Go to solution
jomar050485
Level 1
Level 1
In response to varrao

‎08-17-2011 09:23 AM

You were correct. Client informed me of a modem that was on site. Once we restarted it, everything went well!

Thanks for the insight!

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to jomar050485

‎08-17-2011 09:29 AM

Glad it work well for you , thanks for the rating.

-Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top