About Loxmyth

Loxmyth · 08-17-2023

On my 5510, NAT rules appear to be needed for successful communication between interfaces at different security levels.On Ricky's 5540, the security levels alone are sufficient to control flow between these; no NAT rules are required.I'd say that was...

Loxmyth · 08-13-2023

This seems to be a perennial problem... I have had the ASA-5510 running pretty well for a year or two, configured to simply segregate traffic by security level of the Interface: Management0/0, security level 100: "management", can open connections to...

Loxmyth · 09-23-2022

The default access rules on this box allow incoming IP from "any" to "any less-secure network". plus a global (outgoing?) "any to any", with no rule for the WAN connection. That's enough to let all my devices reach the outside world, and for more-sec...

Loxmyth · 09-20-2022

Still looking at my old ASA-5510... I'm confused by the relationship between ARP and DHCP information.In the DHCP server table, some devices (not all) show a client ID which is not their 36-bit MAC address, but a 40-bit value which is apparently the ...

Loxmyth · 09-19-2022

My lab is behind an old ASA5510 box (yes, I know, legacy hardware, but it does give us the Vnet isolation and some firewall protection).For testing purposes, I need to have one of the devices attached be assigned a stable address by DHCP. Unfortunate...

Loxmyth · 08-23-2023

Took the simplest route and switched the addresses to the 192.168 range.Yes, it now works without address translation.I still want to know where the assumption that 172 implied 255.255.0.0 was coming from. I'm guessing that it's a Raspbian Linux misb...

Loxmyth · 08-22-2023

Ahhh. Wow. Well, I figured it would be obvious in retrospect... I thought about that when first setting up the address ranges for each interface, then forgot it again.So the question is, where the heck is that /16 coming from? According to ASDM, all...

Loxmyth · 08-22-2023

Restored NAT on interface 2/DMZ. Had to reboot the Pi; probably something about that unstable-state ssh connection. It's still .2.20, since I have an inform line in its dhcpcd.conf file saying so (that one needs a stable address). The machine I'm ru...

Loxmyth · 08-22-2023

OK. Moved the Pi from 3.20 to 2.20, plugged directly into the ASA's interface 2 (DMZ)With NAT on DMZ, can SSH to it.With NAT on DMZ disabled...Hm. Interesting. Disabling the NAT rule did not seem to break an SSH connection I had left open (?!). But a...

Loxmyth · 08-22-2023

I should probably rename this thread at some point, given that my initial guess about nat-control being involved was wrong.Marius: Actually, I was wrong. There's a TPLink AC1750 first, running in access point mode with no NAT or DHCP of its own. Then...

Member Since	‎08-01-2020 04:06 PM
Date Last Visited	‎08-30-2023 12:33 AM
Posts	39

User Statistics

User Activity

Problems running ASA5510 as 172.x.y.z (final resolution: subnet masks)

ASA 5510: Access rules, user error/confusion

ASA-5510 Access Rules, beginner misunderstandings...

40-bit DHCP client IDs -- why?

Any way to do static dhcp on a 5510?

Re: Problems running ASA5510 as 172.x.y.z (final resolution: subnet ma

Re: nat-control deprecated; any equivalent? (moved here)

Re: nat-control deprecated; any equivalent? (moved here)

Re: nat-control deprecated; any equivalent? (moved here)

Re: nat-control deprecated; any equivalent? (moved here)