Cannot get communication through to new Interface ASA5510

Unanswered Question
Apr 14th, 2008
I have recently enabled the 4th interface on the ASA 5510. I assigned a 10.16.0.5/16 address but cannot get any machine inside it to communicate with any machines on the inside or dmz subnets.

The objective is for inside clients to access service ports 443, 80, 1494, 2598 on the govman subnet. Then to enable free communication between dmz and govman. Been trying for 2 days now.


My config file is attached.



pengfang Mon, 04/14/2008 - 20:50
Hi, please check the following two items first:

1. route outside 10.1.7.0 255.255.255.0 10.16.0.1 1

Does it conflict with the gov interface 10.16.0.5/16?

2. nat

global (govman) 1 interface
nat (govman) 1 0.0.0.0 0.0.0.0

change to ->

global (govman) 10 interface
nat (govman) 10 0.0.0.0 0.0.0.0

This makes dmz<->gov communicate. If you don't want to NAT between dmz and gov, use "static identity nat" or "nat exemption".
