ASA 5505, 8.3 Inbound traffic rejected after reboot
When moving to ASA 8.3 I wanted to learn the new NAT features. However, I have encountered an annoying problem.
After a reboot, inbound traffic is blocked. I have to disable-apply-enable-apply all the firewall ACL rules - all together - to allow inbound-initiated traffic to flow. There is no problem with traffic initiated from inside.
I have reduced the config to a minimum. With only one access list entry there is no problem. When I add another (e.g. the line tagged with (*****)), the problem appears again after a reboot.
I work 99.9% from ASDM.
Object NAT and 'twice' NAT make no difference.
(FYI: Not included in the config, but I encounter a similar problem with aaa authentication. That too is fixed by the above disable-apply-enable-apply procedure.)
Re: ASA 5505, 8.3 Inbound traffic rejected after reboot
Thanks PK. It helped!
I was using real addresses in the beginning, but packets were dropped, so I believed I had misunderstood something in the release description. So I started using mapped addresses again. Mapped addresses apparently work - until rebooting - I wonder why!?!?!
I will now restore my full configuration and make the address adjustments. I wonder if my aaa authentication problems are solved by this.