abclabsmo
Beginner

ASA5512X DMZ traffic default route

I am working on moving from our ASA5510 to an ASA5512 and am rebuilding the config from scratch as a cleanup. When I put the 5512 into prod, we have a problem with our Sophos Proxy appliance in the DMZ. It cannot get out to the internet; however, users can get to it just fine from the inside and outside. It has one foot in the DMZ (NAT'd) and one foot on the trusted network.

 

If I look at the ASA logs, I see the traffic from the Sophos DMZ link going to outside IPs, but it is hitting the Inside interface, not the outside interface!!! The default route on the ASA points to the outside and everything else seems to work just fine! If I look at the default route on the Sophos appliance, it shows as pointing to the IP address of the DMZ interface on the ASA.

Put back the 5510 and everything works just fine...

Anyone ever seen this before? What in the world am I missing?

I

 

 

2 REPLIES
Marvin Rhoads
VIP Community Legend

The picture you attached shows traffic from DMZ host 192.168.1.150 going to several hosts whose route is via the INSIDE interface according to the ASA's route lookup.

Are the routing commands on the 5512 the same as those on the 5510?

 

Hi.

 

Finally getting back to this after getting other projects under control and am going to try and get this in prod this weekend.

Yes.  The routing is identical.

I opened a case with TAC this a.m., hoping they can see the problem.