www problem while upgrading in asa

Unanswered Question
Oct 3rd, 2008

During one upgrade from pix to asa i'm encountering one problem with my proxy servers situated in the inside segment.They are not able to browse internet.The question that i have is that is anything to be added in asa modular policy keeping the same config ?

(executing the show xlate i notice that internal proxys are translated outside through global nat).

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Fri, 10/03/2008 - 08:37

Hi,

Is your internet located in dmz1 or outside.

I think it is outside.

If it is true ,then statics are incorrect :

no static (inside,dmz1) 211.20.21.16 192.168.254.7 netmask 255.255.255.255

no static (inside,dmz1) 211.20.21.17 192.168.254.8 netmask 255.255.255.255

static (inside,outside) 211.20.21.16 192.168.254.7 netmask 255.255.255.255

static (inside,outside) 211.20.21.17 192.168.254.8 netmask 255.255.255.255

As when you access internet,outside pat address is used,the internet seems to be on outside for which you do not have any static translation defined.

Check " sh run route : and see where

route 0.0.0.0 0.0.0.0

Do rate helpful posts.

Regards,

Sushil

m-daja Fri, 10/03/2008 - 23:21

Thank you for your response.

Can you please give me one answer if it's possible why the communication does not proceed to flow while including asa instead of pix (the configuration is the same)?

In case i will go and translate the proxy outside static(not to leave dynamic) or from dmz to outside(static) and this will not work do we have to check something in modular policy of this new engine

(no problem of routing)

Actions

This Discussion