
Issue with ASA

kevinhobson2000
Level 1

Hi,

I have an issue with my ASA where, if I point a default route from the WAN router to the firewall, I get incomplete ARP records on the router and I can't get to anything behind the firewall. But if I put the specific statics in to the subnets behind the firewall, everything works fine.

What is the problem with my firewall? Does it need proxy ARP enabling to respond on behalf of these subnets?

Thanks

Kev

6 Replies

eddie.mitchell
Level 3

Kevin,

I am assuming the inside interface of the WAN router and the outside interface of the ASA share the same public address space? I am also assuming you are attempting to access RFC-1918 address space on the inside interface of the ASA?

To get traffic from a lower security interface (outside) to a higher security interface (inside) on PIX/ASA firewalls you need static statements.

Eddie,

Hi, this is a customer of ours.

It's not a public; it's on a 10 range.

We supply them with internet access but that is a different router.

Let me know any more info you need.

Cheers

Kev

Kev,

Is "nat-control" enabled on the ASA?

Please reference the following document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml#backinfo

Please provide the configs.

It would help to narrow down the problem much better.

Hi,

Unfortunately I can't provide the configs because it's not our firewall.

All I can tell you is that there is a default route to the firewall which is advertised via BGP.

So traffic follows the default route, then follows the connected route because it is more specific than the default, so it is relying on ARP for the IP addresses, and they are incomplete for anything, it seems, behind the customer firewall.

Cheers

Kev

Hi,

Did you ever resolve? Sounds somewhat familiar to a problem that I am having.
