My company has purchased a ASA 5510 and a ISA 2006 server to replace the existing Front End/Back End Pix 520's we currently have. Instead of doing a full cutover, I have decided to bring them up in tandem and test the configuration. I have set up the ASA how I want to and pretty much modified the existing Front-End Pix config to fit the Front End ASA. When running some tests in the DMZ like basic web traffic, I am unable to reach the internet using the ASA as the default gateway form a pc/server in the DMZ. My nat and global statements are correct and my route is pointing to the Internet Router. I have included a diagram to help see what I am trying to accomplish.
I found the G D&%@ problem. The server I was using already has a static nat statement on the ASA and on the Pix. So when I try to access the web, it was sending the return packet back to the PIX. I used a laptop and gave it a ip that wasn't static natted, and it works. Now trying to work out the issue on why the web is so slow using the ASA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...