Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
708
Views
0
Helpful
0
Comments

Unable make Internet connections through the PIX/ASA Firewall

TCC_2
Level 10
Level 10

‎06-22-2009 05:08 PM - edited ‎03-08-2019 06:22 PM

Core issue

You are unable to make Internet connections through the PIX/ASA Firewall when the Network Address Translation (NAT) pool extends past the network designated on the upstream router for the PIX IP range.

The syn packets go through the PIX Firewall, however no return packets go to the PIX Firewall.

Resolution

In order to troubleshoot this issue, complete these steps:

  1. Take captures in order to determine how the packets traverse through the PIX Firewall.

  2. Check the xlate entries in the PIX in order to ensure that the translation through the PIX is created.

  3. Check the upstream router in order to make sure that you get the response packets back to the PIX Firewall.

  4. Make sure that the upstream router is able to route the response packets back to the PIX Firewall. 

Refer to the capture command for more information and in order to understand how to create captures and apply them to the PIX configuration.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents