ASA 8.25 upgrade to 9.14 problem

Dec 13th, 2013

We have just upgraded our ASA 5510 from 8.25 to 9.14 via 8.47 using ASDM and everything seemed to be working.

However, we have an external program that accesses a server in our DMZ that has stopped and we just can't see the issue.

Without copying in our entire ASA config, is there anything obvious that anyone can think of that could be causing the issues? We have been looking at the NAT and access rules and trying to work out how it has changed.

Correct Answer
Jon Are Endrerud Fri, 12/13/2013 - 12:40

The first things that spring to mind are of course NAT and ACL. Maybe check the ARP entries that are registered to the DMZ interface. Also run a "show xlate" and check for the DMZ server address.

Is there no connection? ICMP (ping)?

Have you run the packet tracer, either from ASDM or CLI?

Sent from Cisco Technical Support iPhone App

Julio Carvajal Sat, 12/14/2013 - 04:36

Hello,


Provide the output you will get from


packet-tracer input outside tcp x.x.x.x (host on the outside that connects)  1025 y.y.y.y (public address of server) # (port where it listens)


Example


packet-tracer input outside tcp 4.2.2.2 1025 8.8.8.8 80



Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com
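
An added example, not part of the thread: a small Python helper that reads saved packet-tracer output and reports the first phase that drops the flow, which is the detail worth posting back. The sample output is constructed and abbreviated to follow the usual phase layout; the object names and the 192.0.2.10 DMZ address are assumptions, and 8.8.8.8/80 is the thread's example destination.

```python
import re

# Constructed, abbreviated sample in the packet-tracer phase layout (not from the thread).
SAMPLE = """\
Phase: 1
Type: UN-NAT
Result: ALLOW
Config:
nat (dmz,outside) source static DMZ-SRV DMZ-SRV-PUBLIC
Additional Information:
Untranslate 8.8.8.8/80 to 192.0.2.10/80

Phase: 2
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
output-interface: dmz
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Return (phases, summary): one dict per phase, plus the final Result block."""
    phases, summary = [], {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            # Only "Key: value" lines count; config lines and free text are skipped.
            if sep and re.fullmatch(r"[A-Za-z-]+", key.strip()):
                fields[key.strip().lower()] = value.strip()
        if "phase" in fields:
            phases.append(fields)
        elif "action" in fields:
            summary = fields
    return phases, summary

def first_drop(text):
    """Return (phase number, phase type, drop reason) for the first DROP, else None."""
    phases, summary = parse_packet_tracer(text)
    for p in phases:
        if p.get("result", "").upper() == "DROP":
            return int(p["phase"]), p.get("type"), summary.get("drop-reason")
    return None
```

Comparing the phase type it returns (NAT versus ACCESS-LIST) against the rules being reviewed shows which part of the migrated config to look at first.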
