www problem while upgrading in asa

Unanswered Question
Oct 3rd, 2008
User Badges:

During one upgrade from pix to asa i'm encountering one problem with my proxy servers situated in the inside segment.They are not able to browse internet.The question that i have is that is anything to be added in asa modular policy keeping the same config ?

(executing the show xlate i notice that internal proxys are translated outside through global nat).



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Fri, 10/03/2008 - 08:37
User Badges:
  • Gold, 750 points or more

Hi,


Is your internet located in dmz1 or outside.

I think it is outside.

If it is true ,then statics are incorrect :



no static (inside,dmz1) 211.20.21.16 192.168.254.7 netmask 255.255.255.255

no static (inside,dmz1) 211.20.21.17 192.168.254.8 netmask 255.255.255.255



static (inside,outside) 211.20.21.16 192.168.254.7 netmask 255.255.255.255

static (inside,outside) 211.20.21.17 192.168.254.8 netmask 255.255.255.255



As when you access internet,outside pat address is used,the internet seems to be on outside for which you do not have any static translation defined.



Check " sh run route : and see where



route 0.0.0.0 0.0.0.0



Do rate helpful posts.



Regards,

Sushil

m-daja Fri, 10/03/2008 - 23:21
User Badges:

Thank you for your response.

Can you please give me one answer if it's possible why the communication does not proceed to flow while including asa instead of pix (the configuration is the same)?

In case i will go and translate the proxy outside static(not to leave dynamic) or from dmz to outside(static) and this will not work do we have to check something in modular policy of this new engine

(no problem of routing)

Actions

This Discussion