Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
223
Views
0
Helpful
1
Replies

Cannot get communication through to new Interface ASA5510

njssadmin
Level 1
Level 1

‎04-14-2008 04:47 PM - edited ‎03-11-2019 05:31 AM

I have recently enabled the 4th interface on the ASA 5510. I assigned a 10.16.0.5/16 address but cannot get any machine inside it to communicate with any machines on the inside or dmz subnets.

The objective is for inside clients to access service ports 443,80,1494,2598 on the govman subnet. Then to enable free communication between dmz and govman. Been trying for 2 days now.

My config file is attached.

Labels:
Preview file
10 KB
0 Helpful
1 Reply 1

pengfang
Level 1
Level 1

‎04-14-2008 08:50 PM

Hi, please check followed two items first:

1. route outside 10.1.7.0 255.255.255.0 10.16.0.1 1

Is it conflict with gov interface 10.16.0.5/16 ?

2. nat

global (govman) 1 interface

nat (govman) 1 0.0.0.0 0.0.0.0

change to ->

global (govman) 10 interface

nat (govman) 10 0.0.0.0 0.0.0.0

This make dmz<->gov communicate. If your don't want to nat between dmz and gov, use "static identity nat" or "nat exemption"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card