I'm running into a problem with a couple of my 5545-x ASAs. Servers in the DMZ cannot contact each other over their public interfaces. All other operations seem to be normal. They can contact each other on their private interfaces no problem. I ...
I have a 5508-x running a remote office with servers in a DMZ, a guest network, and site to site VPN back to our headquarters. I'm running into a problem where the DMZ servers cannot access the internet. The servers are operating normally otherwise...
I've got an ASA 5508-x (9.4(1)) on a 100Mbit ethernet connection. Behind the ASA are about 120 clients, 90 of those being actual computers. The ASA has 3 site to site VPN tunnels running VoIP traffic and linking branch offices. Overall things are wo...
I tried running the captures from both DMZ and outside interfaces but picked up no packets. It didn't matter if I tried http, ssh or anything that may not have been allowed by access control lists. Just to test, I captured traffic from 10.0.0.9 to ...
Inside the DMZ all servers are able to ping each other. 192.168.253.9 can ping .10 without a problem. It's when you try to have them ssh (no ping on public interfaces) from 10.0.0.9 to 10.0.0.10 that the traffic gets stopped.
All the nat'ing from the outside world seems to be working just fine. I still can't get 10.0.0.10 to connect to 10.0.0.9. Here is a trace of that.
packet-tracer input outside tcp 10.0.0.10 1234 10.0.0.9 ssh detailed
Phase: 1
Type: UN-NAT
Subtyp...
I changed it to where I only have these nats
nat (DMZ,outside) source static DMZ-Host-mail-int DMZ-Host-mail
nat (DMZ,outside) source static DMZ-Host-mail2-int DMZ-Host-mail2
!
object network DMZ-subnet
 nat (DMZ,outside) dynamic interface
That sec...