ASA 5505 help

Discussion in 'Cisco' started by Gary Quiring, Jul 16, 2007.

  1. Gary Quiring

    Gary Quiring Guest

    We switched ISP's and had a PIX 515e. The new firewall is a ASA
    5505. We use a managed service to configure our Cisco gear. When we
    switched to the ASA 5505 we are not able to get out to the web behind
    a Linksys router. The router IP is on the on main lan and behind the
    router is another lan. It works fine until we added a static map from
    the outside IP of the ISP to the IP of the Linksys router. If we
    delete the static map it works. My cisco guy is telling me the ASA is
    considering this a hack and it won't work. I don't buy this answer as
    it worked on the PIX and there must be some sort of work around.
    Gary Quiring, Jul 16, 2007
    #1
    1. Advertising

  2. Gary Quiring

    Guest

    On Jul 16, 11:54 am, Gary Quiring <> wrote:
    > We switched ISP's and had a PIX 515e. The new firewall is a ASA
    > 5505. We use a managed service to configure our Cisco gear. When we
    > switched to the ASA 5505 we are not able to get out to the web behind
    > a Linksys router. The router IP is on the on main lan and behind the
    > router is another lan. It works fine until we added a static map from
    > the outside IP of the ISP to the IP of the Linksys router. If we
    > delete the static map it works. My cisco guy is telling me the ASA is
    > considering this a hack and it won't work. I don't buy this answer as
    > it worked on the PIX and there must be some sort of work around.


    I sounds to me like you are not NATing the traffic on the ASA. First
    can you ping from behind your linksys to the inside interface of your
    ASA?
    Your ASA needs a route back to the LAN side of the Linksys. Do a
    route inside 10.1.1.0 255.255.255.0 10.1.1.254 (model your
    addressing), next make sure you are able to NAT the routes on the
    inside of the Linksys. You have a a global and a NAT command that
    work together.

    global (outside) 1 interface
    nat (inside) 1 192.168.0.0 255.255.0.0

    The above example will NAT any 192.168.x.x network address (not always
    a great idea) with the outside interface on the ASA you can substitute
    outside for a REAL address.
    , Jul 17, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,314
  2. davor

    Cisco ASA 5505 - please help

    davor, Dec 3, 2007, in forum: Cisco
    Replies:
    0
    Views:
    975
    davor
    Dec 3, 2007
  3. Replies:
    0
    Views:
    443
  4. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    595
    Dogg Child
    Jun 7, 2010
  5. Dogg Child

    ASA 5550 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    4
    Views:
    1,036
    Morph
    Jun 8, 2010
Loading...

Share This Page