Help with CBAC

Unanswered Question
Dec 12th, 2008

All,


I have the following scenario. I have an 871W router connected to the internet.


Public IP: x.x.x.x

Private IP: 10.20.1.1


The wireless clients connect and pull a 10.20.1.x address from a local pool on the router.


Behind this, I have an ASA:


Public IP: 10.20.1.2

Private IP: 10.20.0.1


I have a host behind the ASA:


10.20.0.50


CBAC works great for the clients on wireless or hardwired into the 10.20.1.0 network, but it stops working for the hosts behind the ASA. I didn't see any traffic from these hosts or the 10.20.1.2 address under the "sh ip inspect sessions" command.


Is there anything special that I need to do in this scenario?


Thanks,

John

Giuseppe Larosa Sat, 12/13/2008 - 13:15

Hello John,

I suppose CBAC is enabled on the 871.


Just a basic check:

What is the default gateway / next hop of the default route on the ASA box?

Is the net 10.20.0.0/xx known on the 871?

Is there a static route with next hop 10.20.1.2 on the 871?

Have you got connectivity between 10.20.1.1 and 10.20.0.x with x=1 and x>1?

Are there NAT rules on the 871 that include the 10.20.0.0 subnet?


Hope to help

Giuseppe

