
local LAN problem

lbrlove
Level 1

I have recently installed an ASA 5510 with v.7.2.1 software. The flows and NAT traversing the box work fine, but there is a strange effect on the local LAN.

When the ASA is plugged into the local LAN switch - totally vanilla Linksys 48-port gigabit - hosts cannot reliably connect to an MS SQL database machine. The host can reliably be contacted through the firewall by a DMZ Web box. When the firewall is unplugged, everything works fine locally (but obviously not with the Web box).

I have placed in NAT exemptions for local traffic, inserted the "same-security-traffic permit intra-interface" command, all to no avail.

Also of note, this is manifest in pings as well. The machine will just drop off the LAN mysteriously. I even tried an alternate switch, a Cisco 3500 series configured totally vanilla - no difference.

Does anyone have a general idea what is going on here? I can post a config if necessary, but I was hoping this is a more general problem others have seen. Cheers.

2 Replies

jwalker
Level 3

Is there an IP conflict? Unless the web box is on another network, the connection from host to inside will never hit the firewall. It should just go through the switch.

Good question, but no conflict. I have painstakingly confirmed all IP addresses, subnet masks, gateway entries, route tables, and even NIC diagnostics. This is a small network, and the four servers and firewall all have assigned addresses (192.168.10.x where 'x' will be in the thirties or forties). All user hosts are DHCP and start with 'x' > 128.

The only mechanism I could imagine causing this under the circumstances would be some host intervening by creating a conflict (i.e. promiscuous ARP when it sees the initial ARP resolution broadcast). Since it only happens when the ASA is plugged in, I assumed it must be the ASA doing it(?)

Any other explanation anyone can think of? I am no maven on these things.
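
One way to test the ARP hypothesis raised in the post above, as an added example that is not part of the thread: compare ARP cache captures from an affected host and flag any IP that resolves to more than one MAC, and any MAC that answers for more than one IP. The captures, addresses and MACs below are constructed, and the line format assumed is that of Linux `arp -an`.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as
# "? (192.168.10.35) at 02:00:00:00:00:35 [ether] on eth0".
# Unresolved "<incomplete>" entries do not match and are skipped.
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})\b")

def parse_arp_snapshot(text):
    """Return {ip: mac} for one `arp -an` capture."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(text)}

def analyse(snapshots):
    """Compare several captures taken over time on the same LAN host.

    Returns (flapping, multi_ip):
      flapping - IPs seen with more than one MAC (something else answered for them)
      multi_ip - MACs seen answering for more than one IP (proxy-ARP-like behaviour)
    """
    macs_per_ip = defaultdict(set)
    ips_per_mac = defaultdict(set)
    for text in snapshots:
        for ip, mac in parse_arp_snapshot(text).items():
            macs_per_ip[ip].add(mac)
            ips_per_mac[mac].add(ip)
    flapping = {ip: sorted(m) for ip, m in macs_per_ip.items() if len(m) > 1}
    multi_ip = {mac: sorted(i) for mac, i in ips_per_mac.items() if len(i) > 1}
    return flapping, multi_ip

# Constructed capture with the firewall unplugged (all values are made up).
SNAP_UNPLUGGED = """\
? (192.168.10.35) at 02:00:00:00:00:35 [ether] on eth0
? (192.168.10.36) at 02:00:00:00:00:36 [ether] on eth0
"""

# Constructed capture with the firewall plugged in; 02:00:00:00:00:fe stands in
# for the firewall's inside interface and 192.168.10.30 for its address.
SNAP_PLUGGED = """\
? (192.168.10.35) at 02:00:00:00:00:fe [ether] on eth0
? (192.168.10.30) at 02:00:00:00:00:fe [ether] on eth0
? (192.168.10.40) at <incomplete> on eth0
"""

if __name__ == "__main__":
    flapping, multi_ip = analyse([SNAP_UNPLUGGED, SNAP_PLUGGED])
    print("IPs with more than one MAC:", flapping)
    print("MACs answering for more than one IP:", multi_ip)
```

If the server's IP shows up under the firewall's MAC only while the firewall is connected, the ARP replies are coming from the firewall; if both outputs stay empty, the drop-outs have another cause.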
