Replacing Pix with ASA5510

Unanswered Question
Jan 27th, 2009

Hi all.

Last weekend I was trying to replace our current PIX firewalls (515) with ASA5510s (in failover mode) in the datacentre. I configured the new ASAs from scratch line by line (to mirror the config on the PIX) and not using the config conversion tool.

I replaced the firewalls and, prior to switching them on, I cleared the ARP cache on all the switches and the servers to avoid any ARP cache issues. I also called our ISP support team to clear the ARP cache on their access routers (the default gateway of our firewalls), which they rather reluctantly did.

When I switched on the firewalls it was very strange in that our website was responding to pings but no content was being shown (I tried the pings from a USB dongle net connection). The ACLs on the new firewalls were being hit and VPN tunnels with some of our suppliers were established. My colleagues tried the same with their BT connection and the ping failed. When my colleagues ran a traceroute it failed at one of our ISP access routers in the datacentre. They say that they cleared the ARP cache, so the problem is with our new firewall/config, and they were adamant on that. So then I decided to roll back and put the old firewalls back in, and I pinged the website and the reply was back straight away (which is telling me the ARP cache wasn't cleared properly).

To test connectivity and rule out a hardware issue on the new ASAs, I quickly configured them on a second IP range we have and put a server behind it. That server could access the net, and I also set up RDP and, from my laptop (using the USB dongle), established RDP to that server!

Can someone please explain or shed light as to what the problem might have been?

Apologies for the essay.

Many thanks.
