02-26-2009 05:28 PM - edited 03-11-2019 07:58 AM
I have an MPLS network, with a main site running hosted applications [10.10.x.x/21, Router - 10.10.0.254], and 3 other sites [10.11.x.x/21, 10.12.x.x/21 and 10.13.x.x/21; GW for each router at each site is 10.11.0.254/21, etc.].
I have the 10.10.x.x/21 network behind an ASA 5510. Its inside interface is 10.10.0.252/21. The entire 10.10.x.x/21 network is behind the ASA. None of the other sites can access the hosts on the 10.10.x.x/21, nor can the 10.10.x.x/21 hosts access the other sites.
******************************************************
02-27-2009 02:31 AM
Tom
1) Do the other sites have a route to 10.10.x.x/21?
2) Have you set up access on the ASA? So if you want the whole internal network to be accessible from the remote sites:
static (inside,outside) 10.10.x.x 10.10.x.x netmask 255.255.248.0
and then you need to have an access-list applied to the outside interface of your ASA allowing access, e.g.
access-list outside_in permit ip 10.11.x.x 255.255.248.0 10.10.x.x 255.255.248.0
etc...
access-group outside_in in interface outside
Note I have used IP in the ACL but you can tie it down to specific ports/IP addresses if you need to.
Jon
02-27-2009 07:20 AM
Jon,
Thanks for the reply.
1) Yes all sites have a route to the 10.10.0.0/21.
2) I added the static/acl and no change. I can't even ping.
02-27-2009 07:21 AM
Could you post the config of the ASA ?
Jon
02-27-2009 07:46 AM
Says it's too many characters...?
02-27-2009 07:56 AM
If you save it in a notepad or wordpad you should be able to add an attachment to your message.
Or you could try just pasting half of it into one message and the rest into another message.
Jon
02-27-2009 08:10 AM
02-27-2009 08:21 AM
Tom
Could you give an example of an IP address you are trying to access from a remote site and what the source IP address is as well? Also what TCP port you are trying to access on, so
src IP address =
destination IP address =
Port number =
Jon
02-27-2009 08:24 AM
Jon, sure...
src IP address = 10.10.1.16
destination IP address = 10.11.0.254
Port number = 0 [STD PING]
The same is true for the opposite.
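As an added example (not part of the thread and not Cisco code), the sketch below checks a packet against access-list lines written in the form Jon posted, using first-match evaluation with the implicit deny at the end. It models only the ACL check, not NAT, routing or inspection. The 10.10.0.0 and 10.11.0.0 network addresses stand in for the thread's x.x placeholders, and the TCP/443 rule is a constructed illustration of "tying it down".

```python
import ipaddress

def parse_ace(line):
    """Parse: access-list NAME [extended] ACTION PROTO SRC MASK DST MASK [eq PORT]."""
    tok = line.split()
    if tok[2] == "extended":          # skip the keyword when it is present
        del tok[2]
    action, proto = tok[2], tok[3]
    src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
    dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
    port = int(tok[9]) if len(tok) > 9 and tok[8] == "eq" else None
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src_ip, dst_ip, dport=None):
    """Return 'permit' or 'deny' for one packet: first match wins, else implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, ace_proto, ace_src, ace_dst, ace_port = parse_ace(line)
        if ace_proto != "ip" and ace_proto != proto:
            continue                  # "ip" matches every protocol, ICMP included
        if src not in ace_src or dst not in ace_dst:
            continue
        if ace_port is not None and dport != ace_port:
            continue
        return action
    return "deny"                     # nothing matched: implicit deny

# Constructed sample ACLs. BROAD follows the line in Jon's reply; TIGHT is a
# hypothetical port-restricted variant (TCP/443 is an assumption).
BROAD = ["access-list outside_in permit ip 10.11.0.0 255.255.248.0 10.10.0.0 255.255.248.0"]
TIGHT = ["access-list outside_in extended permit tcp 10.11.0.0 255.255.248.0 "
         "10.10.0.0 255.255.248.0 eq 443"]

if __name__ == "__main__":
    # ICMP arriving on the outside interface from 10.11.0.254 for 10.10.1.16
    print("broad, icmp:", evaluate(BROAD, "icmp", "10.11.0.254", "10.10.1.16"))
    print("tight, icmp:", evaluate(TIGHT, "icmp", "10.11.0.254", "10.10.1.16"))
    print("tight, tcp/443:", evaluate(TIGHT, "tcp", "10.11.0.254", "10.10.1.16", 443))
    # A site with no entry of its own (the "etc..." lines) hits the implicit deny
    print("broad, icmp from 10.12:", evaluate(BROAD, "icmp", "10.12.0.254", "10.10.1.16"))
```

With a port-restricted rule a ping test fails at the ACL even when the application port is open, so a failed ping alone does not show that the ACL is wrong.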