Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > ASA 5505 help

Reply
Thread Tools

ASA 5505 help

 
 
Gary Quiring
Guest
Posts: n/a
 
      07-16-2007
We switched ISP's and had a PIX 515e. The new firewall is a ASA
5505. We use a managed service to configure our Cisco gear. When we
switched to the ASA 5505 we are not able to get out to the web behind
a Linksys router. The router IP is on the on main lan and behind the
router is another lan. It works fine until we added a static map from
the outside IP of the ISP to the IP of the Linksys router. If we
delete the static map it works. My cisco guy is telling me the ASA is
considering this a hack and it won't work. I don't buy this answer as
it worked on the PIX and there must be some sort of work around.

 
Reply With Quote
 
 
 
 
gcave@routergod.com
Guest
Posts: n/a
 
      07-17-2007
On Jul 16, 11:54 am, Gary Quiring <(E-Mail Removed)> wrote:
> We switched ISP's and had a PIX 515e. The new firewall is a ASA
> 5505. We use a managed service to configure our Cisco gear. When we
> switched to the ASA 5505 we are not able to get out to the web behind
> a Linksys router. The router IP is on the on main lan and behind the
> router is another lan. It works fine until we added a static map from
> the outside IP of the ISP to the IP of the Linksys router. If we
> delete the static map it works. My cisco guy is telling me the ASA is
> considering this a hack and it won't work. I don't buy this answer as
> it worked on the PIX and there must be some sort of work around.


I sounds to me like you are not NATing the traffic on the ASA. First
can you ping from behind your linksys to the inside interface of your
ASA?
Your ASA needs a route back to the LAN side of the Linksys. Do a
route inside 10.1.1.0 255.255.255.0 10.1.1.254 (model your
addressing), next make sure you are able to NAT the routes on the
inside of the Linksys. You have a a global and a NAT command that
work together.

global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.0.0

The above example will NAT any 192.168.x.x network address (not always
a great idea) with the outside interface on the ASA you can substitute
outside for a REAL address.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASA 5550 behind ASA 5505 Dogg Child Cisco 4 06-08-2010 06:56 PM
Re: ASA 5505 behind ASA 5505 Dogg Child Cisco 0 06-07-2010 12:13 PM
New Cisco ASA 5505 Appliance Help? tdenham735@gmail.com Cisco 0 12-06-2007 08:03 PM
Cisco ASA 5505 - please help davor Cisco 0 12-03-2007 01:28 PM
ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated bjorn@kumlait.se Cisco 1 06-17-2007 12:43 PM



Advertisments