You are unable to make Internet connections through the PIX/ASA Firewall when the Network Address Translation (NAT) pool extends past the network designated on the upstream router for the PIX IP range.
The syn packets go through the PIX Firewall, however no return packets go to the PIX Firewall.
In order to troubleshoot this issue, complete these steps:
Take captures in order to determine how the packets traverse through the PIX Firewall.
Check the xlate entries in the PIX in order to ensure that the translation through the PIX is created.
Check the upstream router in order to make sure that you get the response packets back to the PIX Firewall.
Make sure that the upstream router is able to route the response packets back to the PIX Firewall.
Refer to the capture command for more information and in order to understand how to create captures and apply them to the PIX configuration.
Hello Please help me find sizing guide about number of concurrent users or devices for for Cisco Firepower 1000 series. For throughput specification I already find in datasheet. Model- Cisco Firepower 1010- Cisco Firepower 1120- Cisco Firep...
Hi Community I have a question with regards to the migration of ACS to ISE. Now I am aware of the process of migrating ACS 5.x to ISE2.x using the ACS-ISE migration tool. I also know that this migration needs to be done to a newly configured ISE serv...
Hello,Currently we have a network-object group BLACKLIST. In this list is a bunch of IPs that are trying to dictionary attack one of our webservers. It has done a great deal by cutting down traffic by half, but its not completely stopped. ...
Hi,We have just received new FPR2120 appliance and we aim to install ASA OS on it. We tried to follow this link "Cisco Firepower 2100 Getting Started Guide"https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg...
Hi community, i wonder if there is a way to configure anyconnect users or vpn profile to force automatic disconnect after n hours? The client wants to enable this feature but i didn´t find anything like that to be possible in the ASA configurat...