We currently have an ADSL line, although we got a Virgin fibre/SuperHub install a while back now, but I have not had a chance to troubleshoot this fully.
So we currently have a Cisco ASA 5505 connected to a Netgear ADSL modem, and for all intents and purposes the ASA deals with the connection. I have put the 'current' config below, which shows that we use several public IPs as we run our own Active Directory domain with Exchange and a few other services.
My idea was that I could just change the current public IPs to the new ones and everything should be good, but all I managed to do was to get internet to the end clients (PCs and laptops) but none of the external services could communicate back to the servers, so my thought here is that external connections are created successfully but incoming do not get to their destination.
So the config below is the current config that works fine with the current ADSL modem. I did change all the public IPs to the new IPs and then plugged the external in to the SuperHub. External DNS was changed in the morning and 8 hours later there was still no mail (and other traffic) getting in. I also tried to connect externally back in to the network with the Citrix IP instead of the hostname, which also failed (this works with the current setup).
During the changeover clients had internet access and could also send emails out, but no connections could be made back in. My thought is that previously the ASA was making the connection back to the service provider but now the SuperHub is doing this, and it does not seem to be possible to get the SuperHub to be just a modem and not a router. Maybe I have to give the EXTERNAL address on the ASA a private IP and then get the SuperHub to port forward to that address? But then how will the ASA NAT outgoing connections? Maybe I need two connections going back to the SuperHub, one for external traffic and then one for connections coming back in?
Thanks in advance, my knowledge of ASAs is limited so any pointers would be great. I called up Virgin and was told that as there was a proven connection back to the SuperHub their part was done....
Old (current) config
ASA Version 7.2(4)
name “publicIP-02” citrix.mydomain.com
name “publicIP-03” mail.mydomain.com
name “publicIP-04” webmail.mydomain.com
name “publicIP-05” remote.mydomain.com
name “publicIP-06” sharepoint.mydomain.com description SharePoint Access
name “publicIP-07” vdi.mydomain.com description VDI-IN-A-BOX
name 192.168.0.4 EXCH-01 description EXCH-01
name 192.168.0.250 Access_Gateway
name 192.168.0.10 XA-01 description XA-01
name 192.168.0.6 SP-02 description SP-02
name 192.168.0.248 NS-01 description CAG
ip address 192.168.0.254 255.255.255.0
pppoe client vpdn group “mygroupname”
ip address “publicIP-01” 255.255.255.255 pppoe setroute
no forward interface Vlan1
ip address 172.16.0.254 255.255.255.0
switchport access vlan 2
ftp mode passive
dns server-group DefaultDNS
object-group service DM_INLINE_TCP_1 tcp
port-object eq https
port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
access-list outside_access_in extended permit tcp any host webmail.mydomain.com object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any host citrix.mydomain.com eq https
access-list outside_access_in extended permit tcp any host mail.mydomain.com object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any host bpc.mydomain.com eq https
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host vdi.mydomain.com eq https
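
A consistency check for the renumbering step described above, as an added example that is not part of the original post: it cross-references `name` aliases against `access-list ... host` entries in a config of this shape, listing the public aliases that need new addresses, ACL hosts with no `name` line, and public aliases no ACL mentions. The `audit` helper and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the posted config; the poster's
# redacted "publicIP-NN" placeholders are kept, they are not real addresses.
SAMPLE = '''\
name “publicIP-02” citrix.mydomain.com
name “publicIP-03” mail.mydomain.com
name “publicIP-05” remote.mydomain.com
name 192.168.0.4 EXCH-01 description EXCH-01
access-list outside_access_in extended permit tcp any host citrix.mydomain.com eq https
access-list outside_access_in extended permit tcp any host mail.mydomain.com object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any host bpc.mydomain.com eq https
access-list outside_access_in extended permit icmp any any
'''

NAME_RE = re.compile(r'^name\s+(\S+)\s+(\S+)')
ACL_HOST_RE = re.compile(r'^access-list\s+\S+\s+.*\bhost\s+(\S+)')
IPV4_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}$')
PRIVATE_RE = re.compile(r'^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)')


def audit(config_text):
    """Cross-reference `name` aliases with ACL `host` entries (hypothetical helper)."""
    names = {}          # alias -> address or redaction placeholder
    acl_hosts = set()   # aliases used as `host X` in any access-list
    for raw in config_text.splitlines():
        line = raw.strip()
        m = NAME_RE.match(line)
        if m:
            # Strip straight or curly quotes around a redacted address
            names[m.group(2)] = m.group(1).strip('“”"')
            continue
        m = ACL_HOST_RE.match(line)
        if m and not IPV4_RE.match(m.group(1)):  # literal IPs need no alias
            acl_hosts.add(m.group(1))
    # Anything that is not an RFC 1918 address is treated as public
    public = {a for a, ip in names.items() if not PRIVATE_RE.match(ip)}
    return {
        'renumber': sorted(public),
        'undefined_in_acl': sorted(acl_hosts - set(names)),
        'public_without_acl': sorted(public - acl_hosts),
    }


if __name__ == '__main__':
    for key, aliases in audit(SAMPLE).items():
        print(f'{key}: {", ".join(aliases) or "-"}')
```

On the lines posted above, `bpc.mydomain.com` is used in `outside_access_in` without a `name` line among those shown, while `remote.mydomain.com` and `sharepoint.mydomain.com` have `name` lines but no ACL entry shown.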