I posted this thread before, but here it goes again because the problem is different now.
I just can't figure it out.
We have a new ISP.
They provided us with a new public IP range.
If I connect a computer directly to the router and give my computer the IP 22.214.171.124, I can open www.me.com
If I connect the same machine behind the ASA 5550 running 8.2(2), and assign my machine the same IP 126.96.36.199, the page cannot be displayed. (NATed through the ASA)
This happens always, all the time.
If I try different IPs bypassing the ASA it works, trying the same IPs behind the ASA it does not work.
There's no HTTP inspection enabled.
There's no ACL blocking the traffic.
I did a capture and it shows traffic going out, but never coming back to the ASA?!
How could this be?
If in the same minute, I disconnect the ASA and plug my computer it works!
The Packet Tracer shows the flow of the connection should be permitted by every process.
The sh asp drops are just too excessive to see exactly which one increments each time I attempt to access the page.
Definitely, the ASA is causing the problem here (I have a lot of experience with the ASA and I'm lost, please help me out!)
Is it possible to stick a hub on the outside and run the ASA and the router into it?
Then use a laptop on the hub and gather Wireshark captures so we can see if me.com even sends a SYN-ACK back to the SYN sent from behind the firewall and, if so, what MAC address the SYN-ACK is being sent to?
Should be simple to do right?
So your router is simply forwarding all traffic to your FW outside interface connected to it and nothing else?
Why don't you remove the router and put your firewall directly on the internet and try it out by doing the same NAT? I believe the problem is between router and firewall comms.
As said, please post your configs.
Yes, clear the arp on the router/reload the router after you NAT it on the ASA. It will work just fine after.
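
The capture check suggested earlier in the thread (which MAC address the SYN-ACK is sent to) can be automated. The following is an added example, not code from any poster: it scans raw Ethernet frames taken on the outside segment and reports SYN-ACKs for the NATed address that the router delivers to a MAC other than the ASA's outside interface. All addresses and frames are constructed sample values.

```python
import struct

# Constructed sample values (documentation ranges, not taken from the thread)
NAT_IP, SERVER_IP = "192.0.2.10", "198.51.100.20"
ASA_MAC, STALE_MAC, ROUTER_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:fe"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (test data, checksums left zero)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                      bytes(map(int, src_ip.split("."))),
                      bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + iph + tcp

def misdelivered_synacks(frames, nat_ip, asa_mac):
    """Return (server_ip, dst_mac) for each SYN-ACK addressed to nat_ip whose
    Ethernet destination is not the ASA outside interface (stale ARP upstream)."""
    hits = []
    for f in frames:
        if len(f) < 34 or f[12:14] != b"\x08\x00":   # IPv4 only
            continue
        ihl = (f[14] & 0x0F) * 4
        if f[23] != 6 or len(f) < 14 + ihl + 14:     # TCP only, flags byte present
            continue
        flags = f[14 + ihl + 13]
        is_synack = (flags & 0x12) == 0x12           # SYN and ACK both set
        if is_synack and ip(f[30:34]) == nat_ip and mac(f[0:6]) != asa_mac.lower():
            hits.append((ip(f[26:30]), mac(f[0:6])))
    return hits

# Constructed capture: the ASA sends a SYN, the router returns the SYN-ACK to a stale MAC
STALE_CAPTURE = [
    build_frame(ROUTER_MAC, ASA_MAC, NAT_IP, SERVER_IP, 40000, 80, 0x02),
    build_frame(STALE_MAC, ROUTER_MAC, SERVER_IP, NAT_IP, 80, 40000, 0x12),
]
# Constructed capture after the router's ARP entry is refreshed
HEALTHY_CAPTURE = [
    build_frame(ROUTER_MAC, ASA_MAC, NAT_IP, SERVER_IP, 40001, 80, 0x02),
    build_frame(ASA_MAC, ROUTER_MAC, SERVER_IP, NAT_IP, 80, 40001, 0x12),
]

if __name__ == "__main__":
    print(misdelivered_synacks(STALE_CAPTURE, NAT_IP, ASA_MAC))
```

A non-empty result means the reply reached the segment but was framed for another host, which matches an ASA capture that shows traffic leaving and nothing coming back.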