ASA 5510 - Network Address Changed some connections locked out

ako0000011 · ‎10-03-2014

Currently our Colo changed our Network Address and I had to update our ASA 5510 with the new IP Address and Gateway IP. I'm not familiar with the Cisco ASA 5510. I was able to figure out how to change these items. Under Device Setup, I went to the Interfaces and edited the prexisting IP Address with the new one and applied the change. Then I expanded "Routing" and selected "Static Routes" and edited the Gateway IP. None of the other setting were changed from the previous setup and now I'm unable to access the internet from the inside network and machines outside that need to access a web console behind the firewall cannot be accessed.

Is there another setting I'm missing? Please Help!!!

Thanks for your time!!!

Vibhor Amrodia · ‎10-04-2014

These Steps should help you:-

1) Verify the External IP address on the Internet facing Interface

2) Verify the Default Gateway and next hop IP

3) Ping Next Hop and Any Internet IP from the ASA device using PING command(ping <ip address>)

4) Check the Outbound NAT on the ASA device.

For 8.2 and below:-

nat (inside) 1 0 0

global (outside) 1 interface

For 8.3 and above:-

object network obj-any

subnet 0 0

nat (inside,outside) dynamic interface

NOTE:- This can vary as per your requirement.

5) If all the above steps are good , post this output from the ASA device:-

packet input inside tcp <Any Internal IP> 3456 4.2.2.2 80 det

NOTE:- I assume Inside as your Internal Subnet interface and outside as your interface facing interface.

Thanks and Regards,

Vibhor Amrodia