Help with CBAC

Unanswered Question
Dec 12th, 2008

All,

I have the following scenario. I have an 871W router connected to the internet.

Public IP: x.x.x.x

Private IP: 10.20.1.1

The wireless clients connect and pull a 10.20.1.x address from a local pool on the router.

Behind this, I have an ASA:

Public IP: 10.20.1.2

Private IP: 10.20.0.1

I have a host behind the ASA:

10.20.0.50

CBAC works great for the clients on wireless or hardwired into the 10.20.1.0 network, but it stops working for the hosts behind the ASA. I didn't see any traffic from these hosts or the 10.20.1.2 address under the "sh ip inspect sessions" command.

Is there anything special that I need to do in this scenario?

Thanks,

John

Giuseppe Larosa Sat, 12/13/2008 - 13:15

Hello John,

I suppose CBAC is enabled on the 871.

Just a basic check:

What is the default gateway / next hop of the default route on the ASA box?

Is the net 10.20.0.0/xx known on the 871?

Is there a static route with next hop 10.20.1.2 on the 871?

Have you got connectivity between 10.20.1.1 and 10.20.0.x with x=1 and x>1?

Are there NAT rules on the 871 that include the 10.20.0.0 subnet?

Hope to help

Giuseppe
