02-12-2008 05:47 AM - edited 03-11-2019 05:01 AM
I have a Cisco ASA5510 and a server that has Intel PROSet for Wired Connections loaded in an Adaptive Load Balancing mode. When I place this server behind the firewall, everything works fine. However, when I place a rule in the Access-List and a Static Mapping in, all inbound and outbound traffic stops. Any suggestions?
02-12-2008 07:38 AM
Your rule seems messy... What rule are you adding? Can you paste your config?
02-12-2008 07:53 AM
I have masked my external IPs for obvious reasons.
As I stated, the current machines, which only have 1 NIC, work fine. When I attempt to pull a server that has dual NICs using Adaptive Load Balancing by Intel, and I add a mapping in (for RDP), the server is unable to browse and any traffic will not make it in.
: Saved
:
ASA Version 7.0(7)
!
hostname wbaiweb
domain-name ####.com
enable password #### encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address Mas.Ked.0.5 255.255.255.192
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.11 255.255.255.0
 management-only
!
passwd PU6AEZI3KHII8gEh encrypted
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
object-group service 3389 tcp
 port-object range 3389 3389
object-group service 25 tcp
 port-object range smtp smtp
access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.54 eq 3389
access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.10 eq 3389
access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.55 eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) Mas.Ked.0.54 192.168.100.54 netmask 255.255.255.255
static (inside,outside) Mas.Ked.0.10 192.168.100.10 netmask 255.255.255.255
static (inside,outside) Mas.Ked.0.55 192.168.100.55 netmask 255.255.255.255
access-group OUTSIDE_ACCESS_IN in interface outside
route outside 0.0.0.0 0.0.0.0 Mas.Ked.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet Mas.Ked.0.0 255.255.255.0 outside
telnet 192.168.100.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:xxx
: end
wbaiweb#
02-12-2008 08:08 AM
Hmm, it seems like a routing issue here. Check the "route print" output on your server. Is the default gateway correct?
Add
1) inspect icmp in your policy map
policy-map global_policy
 class inspection_default
  inspect icmp
2) Now turn on debug icmp trace on the firewall and ping from the dual NIC card server. Do you see ping replies? Do you see these requests and replies through the firewall in this "debug icmp trace" output?
3) If you turn OFF one NIC card, I suspect this would work. Get me the logs if possible.