Cannot get communication through to new Interface ASA5510

Unanswered Question
Apr 14th, 2008

I have recently enabled the 4th interface on the ASA 5510. I assigned a 10.16.0.5/16 address but cannot get any machine inside it to communicate with any machines on the inside or dmz subnets.

The objective is for inside clients to access service ports 443,80,1494,2598 on the govman subnet. Then to enable free communication between dmz and govman. Been trying for 2 days now.

My config file is attached.

pengfang Mon, 04/14/2008 - 20:50

Hi, please check the following two items first:

1. route outside 10.1.7.0 255.255.255.0 10.16.0.1 1

Does it conflict with the gov interface 10.16.0.5/16?

2. nat

global (govman) 1 interface

nat (govman) 1 0.0.0.0 0.0.0.0

change to ->

global (govman) 10 interface

nat (govman) 10 0.0.0.0 0.0.0.0

This makes dmz<->gov communicate. If you don't want to NAT between dmz and gov, use "static identity nat" or "nat exemption".

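The first item in the reply can be checked mechanically. The following is an added example, not part of the thread and not Cisco tooling: it parses ASA-style `interface` and `route` lines and reports static routes whose next hop sits in a subnet connected to a different interface than the one the route names. Only the govman address 10.16.0.5/16 and the `route outside 10.1.7.0 ...` line come from the thread; the other interface addresses and the default route are constructed, since the attached config is not available.

```python
import ipaddress
import re

# Constructed sample: only the govman address and the 10.1.7.0 route are from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.248
interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0/3
 nameif govman
 ip address 10.16.0.5 255.255.0.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route outside 10.1.7.0 255.255.255.0 10.16.0.1 1
"""

def connected_networks(config):
    """Map each nameif to the subnet configured on that interface."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block, nameif not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and name:
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def misbound_routes(config):
    """Return (route line, interface that owns the next hop) pairs."""
    nets = connected_networks(config)
    findings = []
    for line in config.splitlines():
        m = re.match(r"\s*route (\S+) \S+ \S+ (\S+)", line)
        if not m:
            continue
        ifname, gateway = m[1], ipaddress.ip_address(m[2])
        if ifname in nets and gateway in nets[ifname]:
            continue  # next hop is reachable on the interface the route names
        owners = [n for n, net in nets.items() if gateway in net]
        findings.append((line.strip(), owners[0] if owners else None))
    return findings

if __name__ == "__main__":
    for route, owner in misbound_routes(SAMPLE_CONFIG):
        print(f"{route!r}: next hop belongs to {owner or 'no connected subnet'}")
```

On the sample it flags the 10.1.7.0 route, because the next hop 10.16.0.1 falls inside govman's connected 10.16.0.0/16 while the route is bound to outside.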