10-19-2009 12:43 AM
Hi,
I have problems with SA540 and NAT. I’m trying to use three public IP-addresses. One is for SA540, one is for Exchange-server and one is for Citrix server. I have read the SA540 Admin Guide and follow the instructions but the NAT doesn’t work. I can access to SA540 from the outside network but there is no connection for Exchange or Citrix servers from the outside networks. I have used Cisco ASA5505 before and they works just fine so I think some kind on knowledge about how this things should work. This is how I have done the Firewall rules (example is from HTTPS rule):
From Zone: WAN
To Zone: LAN
Service: HTTPS
Action: ALLOW ALWAYS
Source Host: Any
Internal IP address: a.b.c.d (Exchange-server private IP)
External IP address: Other
Other IP address: e.f.g.h (Exchange-server public IP)
10-30-2009 11:44 AM
There is a bug written for the problem that you are seeing. It isn't resolved yet. I will let you know when this is resolved. I do apologize for the inconvenience.
The bug ID is CSCtc52591.
10-30-2009 01:37 PM
Thanks for your answer. We already get ASA5505 which is quite familiar to me. But it would be nice if we get the SA540 up and running so that we can use it in future.
regards,
Jani Havia
11-03-2009 03:13 PM
Does this apply to all static NAT'ing on this device? Makes it pretty useless for anyone who has a server they need to expose. Can you do a PAT only without a one-to-one? I think this will be the last time I get burned by this Cisco SMB stuff. All these devices end up being overpriced subpar POS's.
11-03-2009 03:47 PM
You can do it with a single IP address. The problem is with multiple IP addresses.
11-04-2009 02:35 AM
Any ETA on when this will be resolved? This is a serious issue that makes the device fairly useless!
11-04-2009 02:39 AM
I have the same problem and I have 4 webservers that I need to connect so when can we expect this problem to be solved?
11-04-2009 05:46 AM
As mentioned, this issue has a bug ID and will be addressed in the next revision of firmware. As of now, there is not an ETA on the release.
11-10-2009 08:52 PM
I guess the SA 520W has the same problem?
i just bought 2 of those and have no direct need for that feature but i was planning on buying the SA540 for our main office for the SSL-VPN.
But for that one i need that feature.
Is there a place where we can check on updates on the bugfix? or can we sign up for an alert when the new firmware comes out?
No command line access on these boxes?
Thanks,
R.
11-11-2009 07:31 AM
...
11-11-2009 06:14 AM
As mentioned there is a bugtrack that is only available at this point to Cisco employee's.
The firmware for the SA540 is the same firmware for all SA500 devices so any issue with one platform will be carried across to the others.
There is no command line access to the SA500 devices.
11-13-2009 04:19 AM
I opened a case about this and they told me "there is no practice of presenting Beta versions of firmware to the customers" so no luck for me.
11-13-2009 04:29 AM
Dubbel post
11-13-2009 05:28 AM
Who did you open a case with? What is your case (SR) number?
Let me look it up and make sure the case was submitted properly.
You may also call the STAC at 1.866.606.1866
11-13-2009 05:41 AM
My case number is SR 612962033
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide