Cisco Support Community
New Member

Cannot get communication through to new Interface ASA5510

I have recently enabled the 4th interface on the ASA 5510. I assigned a 10.16.0.5/16 address but cannot get any machine inside it to communicate with any machines on the inside or dmz subnets.

The objective is for inside clients to access service ports 443,80,1494,2598 on the govman subnet. Then to enable free communication between dmz and govman. Been trying for 2 days now.

My config file is attached.

1 REPLY
New Member

Re: Cannot get communication through to new Interface ASA5510

Hi, please check the following two items first:

1. route outside 10.1.7.0 255.255.255.0 10.16.0.1 1

Does it conflict with the gov interface 10.16.0.5/16?

2. nat

global (govman) 1 interface

nat (govman) 1 0.0.0.0 0.0.0.0

change to ->

global (govman) 10 interface

nat (govman) 10 0.0.0.0 0.0.0.0

This makes dmz<->gov communicate. If you don't want to NAT between dmz and gov, use "static identity nat" or "nat exemption".
