ASA VPN after PIX515 firewall no access

Oct 30th, 2009

Hello

I have a PIX515 as the internet gateway, where I configured static NAT to the ASA:

static (inside,outside) "public IP" "ASA IP" netmask 255.255.255.255

On the ASA VPN I set route outside 0.0.0.0 0.0.0.0 192.168.1.1, where 192.168.1.1 is the PIX.

With that configuration I'm not able to access the ASA VPN or WebVPN from an external host.

BUT

On my network there is another internet line (backup), and it is based on a Cisco 877.

When I change the gateway on the ASA to 192.168.1.254 (the Cisco 877 backup gateway) and on that router create NAT for port 443 or any other one pointing to the ASA IP, then it works without any problems (the problem is that that line is not performing as fast as the PIX one).

Any idea why the PIX with static NAT is not allowing access to the ASA, while any other host is accessible with this NAT configuration on the PIX firewall?


lgijssel Fri, 10/30/2009 - 01:34

You must also add an ACL permitting this traffic on the PIX:

access-list outside permit ip any host "public IP"

access-group outside in interface outside


regards,

Leo
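
The pairing described in the reply above (every static NAT on the PIX also needs an inbound permit in the ACL bound to the outside interface) can be checked mechanically. The following is an added example, not part of the original thread or Cisco tooling: the function names are hypothetical, the addresses are constructed documentation values, and only the simple `permit <proto> any host <ip> [eq <port>]` ACE form is parsed.

```python
import re

# Constructed sample PIX configuration (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.20 192.168.1.20 netmask 255.255.255.255
static (inside,outside) 203.0.113.30 192.168.1.30 netmask 255.255.255.255
access-list outside permit tcp any host 203.0.113.10 eq 443
access-list outside permit tcp any host 203.0.113.20 eq 25
access-group outside in interface outside
"""

# static (real_if,mapped_if) mapped_ip real_ip ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
# Assumption: only "permit <proto> any host <ip> [eq <port>]" entries are recognised.
ACE_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")


def audit(config, outside_if="outside"):
    """Map each static's public IP to the (protocol, port) pairs permitted inbound."""
    lines = [l.strip() for l in config.splitlines()]
    # Names of ACLs actually applied inbound on the outside interface.
    bound = {m.group(1) for l in lines
             if (m := GROUP_RE.match(l)) and m.group(2) == outside_if}
    result = {}
    for l in lines:
        m = STATIC_RE.match(l)
        if m and m.group(2) == outside_if:
            result[m.group(3)] = []
    for l in lines:
        m = ACE_RE.match(l)
        # An ACE only counts if its ACL is bound and it targets a translated address.
        if m and m.group(1) in bound and m.group(3) in result:
            result[m.group(3)].append((m.group(2), m.group(4) or "any"))
    return result


def unreachable(config):
    """Public IPs that have a static NAT but no inbound permit at all."""
    return sorted(ip for ip, rules in audit(config).items() if not rules)
```

A static that shows up in `unreachable()` is translated but silently dropped at the outside interface; one that shows up in `audit()` with only narrow entries (for example `("tcp", "443")` for WebVPN) is exposed on just those ports.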

cargiant1t Fri, 10/30/2009 - 02:34

Hi Leo

Thanks for your reply

At the moment I have about 7 static NATs and ACLs running on that PIX and they are fine, but as soon as I put the ASA on that internal IP instead of www, pop or any other server, then there is no response at all.

cargiant1t Fri, 10/30/2009 - 03:25

I resolved that issue; it was a problem on the ISP site.
