Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
4
Replies

ASA behind PIX problems

remco.gussen
Level 1
Level 1

‎09-16-2009 11:10 PM - last edited on ‎03-25-2019 05:43 PM by Community Manager

We have an ASA 5550 cluster behind a PIX 525 firewall. I'm trying to connect to the internet that is behind the PIX 525 from an inside host behind the ASA. I configured overload on the ASA outside interface (Dynamic NAT rule). The ASA outside interface is connected to the PIX 525 DMZ segment. Also, there is a Dynamic NAT rule on the PIX for overloading all DMZ addresses to the Outside PIX interface (Internet).

From my inside host i can ping addresses on the internet (www.google.nl), but a websession is not possible. On both firewalls the NAT rules are ok,firewall policies permit ip any.

I also did a test to make a static nat rule for port 3389 on the PIX and on the ASA. I tried to set up a RDP connection form the Internet to my inside host. Netstat -an on inside host display an "Established" connection on port 3389 from the Outside internet host.. On my outside Internet host, it takes 30 seconds, noting there...

I don't know where to find the solution to this problem..

Labels:
0 Helpful
4 Replies 4

apdatasoft
Level 1
Level 1

‎09-17-2009 12:16 AM

Hi,

what does the log of Pix & ASA shows.

Thanks

AP

0 Helpful

remco.gussen
Level 1
Level 1
In response to apdatasoft

‎09-17-2009 12:54 AM

I found out something.

It seems to be an MTU problem. Normal (default) ping is ok. Ping with -l switch, gives problems. A packet size of 214 is ok, from 215 it goes wrong..

Client is behind WLC controller btw..

Maybe the problem is on the WLC...

0 Helpful

sachin.verma
Level 1
Level 1
In response to remco.gussen

‎09-17-2009 04:23 AM

Hi,

What is the version running on your WLC,as there is a know bug for MTU less than 1500 on WLC.The solution is to upgrade the controller firmware to 4.0(155)

thanks

Sachin Verma

0 Helpful

remco.gussen
Level 1
Level 1
In response to sachin.verma

‎09-17-2009 04:42 AM

6.0.182.0

Newest version !!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card