I'm setting up 2 x ASA 5510's and have got the failover working and from the trunk port for my sub interfaces which goes into a 3750. Anyway I'm have a bit of a nightmare as I can't get a PC on VLAN 50 with an IP of 172.26.1.222 to access the firewall via the ASDM on 192.168.60.222 or ping it. 172.26.1.222 can ping the interface on the ASA to 172.26.1.1. The packet trace says 172.26.1.222 as allowed to 192.168.60.222 on https but not http
cli error: TCP access denied by ACL from 172.26.1.222/80 to Testl_Live_WAN:192.168.60.222/80
Do I need to add a NAT? NAT's look very different in this version as I'm use to 8.2.
CiscoASA-5510-Test-1# sh run
ASA Version 8.4(3)
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
no ip address
ip address 192.168.60.222 255.255.255.0 standby 192.168.60.223
no ip address
ip address 172.26.1.1 255.255.255.0 standby 172.26.1.249
" The ASA as a security device is not going to allow traffic to a distant interface, so in your case from the inside interface on any host you will not be able to reach the outside ip address ( via icmp,telnet,ssh,asdm,etc). This as a security meassure"
So if you want to connect via ASDM you will need to access the inside interface and not the outside interface, that is why you are seeing the ACL drop
Please rate all the helpful posts
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :