On my 5510, NAT rules appear to be needed for successful communication between interfaces at different security levels. On Ricky's 5540, the security levels alone are sufficient to control flow between these; no NAT rules are required. I'd say that was...
This seems to be a perennial problem...
I have had the ASA-5510 running pretty well for a year or two, configured to simply segregate traffic by security level of the Interface:
Management0/0, security level 100: "management", can open connections to...
The default access rules on this box allow incoming IP from "any" to "any less-secure network", plus a global (outgoing?) "any to any", with no rule for the WAN connection. That's enough to let all my devices reach the outside world, and for more-sec...
Still looking at my old ASA-5510... I'm confused by the relationship between ARP and DHCP information. In the DHCP server table, some devices (not all) show a client ID which is not their 36-bit MAC address, but a 40-bit value which is apparently the ...
My lab is behind an old ASA5510 box (yes, I know, legacy hardware, but it does give us the Vnet isolation and some firewall protection). For testing purposes, I need to have one of the devices attached be assigned a stable address by DHCP. Unfortunate...
Took the simplest route and switched the addresses to the 192.168 range. Yes, it now works without address translation. I still want to know where the assumption that 172 implied 255.255.0.0 was coming from. I'm guessing that it's a Raspbian Linux misb...
Ahhh. Wow. Well, I figured it would be obvious in retrospect... I thought about that when first setting up the address ranges for each interface, then forgot it again. So the question is, where the heck is that /16 coming from? According to ASDM, all...
Restored NAT on interface 2/DMZ. Had to reboot the Pi; probably something about that unstable-state ssh connection. It's still .2.20, since I have an inform line in its dhcpcd.conf file saying so (that one needs a stable address). The machine I'm ru...
OK. Moved the Pi from 3.20 to 2.20, plugged directly into the ASA's interface 2 (DMZ). With NAT on DMZ, can SSH to it. With NAT on DMZ disabled... Hm. Interesting. Disabling the NAT rule did not seem to break an SSH connection I had left open (?!). But a...
I should probably rename this thread at some point, given that my initial guess about nat-control being involved was wrong. Marius: Actually, I was wrong. There's a TPLink AC1750 first, running in access point mode with no NAT or DHCP of its own. Then...