Help with CBAC

Unanswered Question
Dec 12th, 2008
User Badges:
  • Purple, 4500 points or more


I have the following scenario. I have an 871W router connected to the internet.

Public IP: x.x.x.x

private IP:

The wireless clients connect and pull a 10.20.1.x address from a local pool on the router.

Behind this, I have an ASA:

public ip:

private ip:

I have a host behind the ASA:

CBAC works great for the clients on wireless or hardwired into the network, but it stops working for the hosts behind the ASA. I didn't see any traffic from these hosts or the address under "sh ip inspect sessions" command.

Is there anything special that I need to do in this scenario?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sat, 12/13/2008 - 13:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello John,

I suppose CBAC is enabled on 871.

just a basic check

what is the default gateway / next hop of default route on the ASA box ?

is the net known on the 871 ?

there is a static route with next hop on 871 ?

Have you got connectivity between and 10.20.0.x with x=1 and x>1 ?

There are NAT rules on the 871 that include the subnet ?

Hope to help



This Discussion