New Member

Checkpoint and ASA

Inside I have 2 networks: 10.10.x.x and 10.199.x.x.

My ASA interfaces were the following:

E0/0 Public IP

E0/1 10.199.1.2/24

E0/2 10.10.144.47/22

I put a checkpoint in front of the ASA and changed to the following:

Checkpoint Ext. 10.10.144.47/22

Checkpoint Int. 192.168.1.1/30

ASA E0/1 10.199.1.2/24

ASA E0/2 192.168.1.2/30

Now I am having trouble talking between the networks 10.199.x.x and 10.10.144.x.

I have attached ASA config.

Thanks in advance on any help provided.

1 ACCEPTED SOLUTION
Super Bronze

Checkpoint and ASA

Hi,

So if I am looking at this correctly, the "insideNOV" interface leads to the Checkpoint, which has the other LAN network behind it?

The interface ACL for the interface is not really clear to me, as it contains a lot of "name" and "object-group" references which are not mentioned. It seems, though, that on multiple occasions you have referenced the NOV network as the destination. Should this not be the source network, as that network is located behind that interface?

Also, with regards to the routing, you have only shared your Default Route in the configuration.

Do you have a route for the NOV network towards "insideNOV"?

route insideNOV 10.10.144.0 255.255.252.0 192.168.1.1

Does the Checkpoint have the appropriate routing and other configurations to allow the traffic?

- Jouni
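
The routing gap this answer asks about, as an added example that is not part of the original thread: a longest-prefix-match check over ASA `interface` and `route` lines, showing which interface traffic to 10.10.144.x leaves through with and without the suggested route. The config text is constructed (the poster's attached config is not on the page); the `outside` and `inside199` interface names, the 203.0.113.x addresses and the function names are assumptions.

```python
import ipaddress

# Constructed sample, not the poster's attached config. "outside"/"inside199"
# and the 203.0.113.0/24 (documentation range) addresses are assumptions.
BEFORE = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
interface Ethernet0/1
 nameif inside199
 ip address 10.199.1.2 255.255.255.0
interface Ethernet0/2
 nameif insideNOV
 ip address 192.168.1.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 203.0.113.1
"""
AFTER = BEFORE + "route insideNOV 10.10.144.0 255.255.252.0 192.168.1.1\n"

def parse(config):
    """Return ({nameif: connected network}, [(nameif, network, next_hop)])."""
    connected, routes, nameif = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            nameif = None  # a new interface block starts
        elif w[:1] == ["nameif"] and len(w) == 2:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            connected[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:1] == ["route"] and len(w) >= 5:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}")
            routes.append((w[1], net, ipaddress.ip_address(w[4])))
    return connected, routes

def egress(config, dest):
    """Longest-prefix match: (nameif, next_hop or None if connected) for dest."""
    connected, routes = parse(config)
    dest = ipaddress.ip_address(dest)
    cands = [(n.prefixlen, name, None) for name, n in connected.items() if dest in n]
    cands += [(n.prefixlen, name, hop) for name, n, hop in routes if dest in n]
    if not cands:
        return None
    _, name, hop = max(cands, key=lambda c: c[0])
    return name, hop

def next_hops_on_link(config):
    """Every static route's next hop must sit in its interface's connected subnet."""
    connected, routes = parse(config)
    return all(name in connected and hop in connected[name] for name, _, hop in routes)
```

Without the specific route, the only match for 10.10.144.47 is the default route; with it, the /22 wins and the next hop 192.168.1.1 is checked to be on the insideNOV /30.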

2 REPLIES
New Member

Checkpoint and ASA

Jouni,

Thanks so much, I was forgetting the insideNOV inside the command.

Thanks again,

Bobby