Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
0
Helpful
3
Replies

ASA 8.25 upgrade to 9.14 problem

Go to solution
sprocket10
Level 2
Level 2

‎12-13-2013 05:32 AM - edited ‎03-11-2019 08:17 PM

We have just upgraded our ASA 5510 from 8.25 to 9.14 via 8.47 using ASDM and everything seemed to be working.

However we have an external program that accesses a server in our DMZ that has stopped and we just cant see the issue.

Without copying in our entire asa config, is there anything obvious that anyone can think of that could be causing the issues. We have been looking at the NAT and access rules and trying to work out how it has changed.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Are Endrerud
Level 1
Level 1

‎12-13-2013 12:40 PM

The first things that spring to mind is og course NAT and ACL. Maybe check the arp that are registred to the dmz interface. Also run a "show xlate" and check for the dmz server address.

Are there no connection ? ICMP (ping) ?

Hsve you run the packet tracer, either from asdm CLI ?

Sent from Cisco Technical Support iPhone App

Please rate as helpful, if that would be the case. Thanx

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Are Endrerud
Level 1
Level 1

‎12-13-2013 12:40 PM

The first things that spring to mind is og course NAT and ACL. Maybe check the arp that are registred to the dmz interface. Also run a "show xlate" and check for the dmz server address.

Are there no connection ? ICMP (ping) ?

Hsve you run the packet tracer, either from asdm CLI ?

Sent from Cisco Technical Support iPhone App

Please rate as helpful, if that would be the case. Thanx
0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-14-2013 04:36 AM

Hello,

PRovide the output you will get from

packet-tracer input outside tcp x.x.x.x (host on the outside that connects)  1025 y.y.y.y (public address of server) # (port where it listens)

Example

packet-tracer input outside tcp 4.2.2.2 1025 8.8.8.8 80

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
sprocket10
Level 2
Level 2

‎12-15-2013 07:40 AM

In case anyone has the same issue.

Our managed Internet provider had to make a few simple route changes to their firewall.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113577-ptn-113577.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card