Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
8
Replies

Interface troublshoot

batumibatumi
Level 1
Level 1

‎04-21-2008 04:56 AM - edited ‎03-11-2019 05:34 AM

i have ASA 5510 which is already configured, with default gateway, VPN, and ets. and work OK.... :)))) My manager want once more Mail server... ISP gave me Public IP and gateway. i assign this public IP on ASA's interface and add static route. It means now i have 2 default gateway. i opened ICMP and IP protocols on the that interfaces (where i assign new public IP) ... One old and outher new one. But i can not ping new IP when old one can....

Any idea ?

Labels:
0 Helpful
8 Replies 8

bauti1428
Level 1
Level 1

‎04-21-2008 05:31 AM

Are your mail servers on the DMZ? Do you want the mail server to be reachable outside? Then you need to NAT those IP's. Also verify that you got the correct public IP's from your ISP. Your outside interface that was give to you by your ISP is on the same subnet?

0 Helpful

batumibatumi
Level 1
Level 1
In response to bauti1428

‎04-21-2008 06:01 AM

Public IP and its Geatway are in the same SUBNET. No i'm not using DMZ, i just want users inside have to send and receve Mail. i have already made PAT in that interface where new public IP is configured and also i permit ICMP and IP from the outside, but no result :((( hosts inside the network (10.30.30.0/24) cant ping new IP address on the interface ... :(

0 Helpful

bauti1428
Level 1
Level 1
In response to batumibatumi

‎04-21-2008 06:07 AM

How many interfaces are you trying to use? Do you have an outside interface and inside interface only? Also on your mail server does it reach to a server outside on port 25? Is your mail server located in your inside interface? Can you draw a map of what your trying to do?

0 Helpful

batumibatumi
Level 1
Level 1
In response to bauti1428

‎04-21-2008 06:34 AM

at this time i have 2 inside network (10.1.1.0/24 and 10.30.30.0/24 >>> second network i made for the new MAIL server)... I also have two ouside interface with two IP's (one is 87.x.x.x and second 77.x.x.x)...

Host 10.30.30.0 cant ping and access with INTERNET...

P.S. there already was static route (outside 0.0.0.0 0.0.0.0 87.x.x.x 1) and i add static route (outside 0.0.0.0 0.0.0.0 77.x.x.x. 1) mabye this config is wrong ... ? ask what U want merely to resolve this problem.. its very imprtant to me :)))

Regard

great TNX bauti1428

0 Helpful

bauti1428
Level 1
Level 1
In response to batumibatumi

‎04-21-2008 09:11 AM

Do you have dual ISP's? Is the 77.x.x.x connected to another ISP provider?

Check this link for dual ISP http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/examples.html#wp1057935

Configuring Static Route Tracking below.

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/routing.html#wp1118793

0 Helpful

batumibatumi
Level 1
Level 1
In response to bauti1428

‎04-21-2008 10:48 AM

No i have two public IP. Those IPs are from different ISP...

i config stati route:

route outside 0.0.0.0 0.0.0.0 87.x.x.x 1

route outside 0.0.0.0 0.0.0.0 77.x.x.x 1

My ponts is that: New mail server should be use new IP address (77.0.0.0), and my old network (10.1.1.0) have to access to the new network (10.30.30.0)....

bauti1428, any idea ... ?

regards and many Thanks from ur kindness... :)))

cheers

0 Helpful

batumibatumi
Level 1
Level 1
In response to batumibatumi

‎04-22-2008 06:21 AM

bauti1428, hope U help me ...

0 Helpful

bauti1428
Level 1
Level 1
In response to batumibatumi

‎04-22-2008 07:10 AM

If you have two ISP provider, you should follow the direction I sent you. Also you can open up a TAC case if you have a smartnet.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card