09-10-2014 06:45 AM - edited 03-11-2019 09:44 PM
I have 2 ASAs.
One in production with a DMZ connection to a second one that I am using (called lab).
From within the LAB ASA I can ping to systems on the lab site and to the internal interface on the production ASA.
When I am on a Windows server in the lab I cannot get out to the Internet, yet my switch is routing all 0.0.0.0 traffic out through the ASAs.
When I am on the LAB ASA all rules are successful when I click on the Diagram button.
Any way to confirm that both ports on the LAB ASA are communicating with each other?
Thanks
DAVE
09-22-2014 03:16 AM
Hi,
I think we would need clarification on the actual network setup to know what the actual problem is but here are some questions and ideas on what to check.
Easiest way to confirm what is happening with the server connections coming from LAB ASA is to check the ASDM realtime logs on the PROD ASA. Just filter the log to show some IP address from LAB subnet and attempt the connections. You should see if the connection attempt gets blocked by the PROD ASA. You should also see (if the connection is allowed) if a NAT is performed for the source address. Naturally using the "packet-tracer" on the PROD ASA would tell you all the rules applied to the connection right away.
But as I said, we really don't have a specific picture of your network at the moment so there might be other problems too.
- Jouni
09-22-2014 04:12 AM
Another tool you can use on the ASA is the packet capture feature. This will show you if the ASA is seeing both the request and reply traffic on both interfaces (if you configure it for both interfaces). This way, if you can see that traffic is entering the inside interface and leaving the outside interface, but you do not see the return traffic and you are permitting the return traffic (in the case of ICMP), then you can assume that the problem isn't with the ASA but most likely a routing issue farther downstream.
--
Please remember to select a correct answer and rate helpful posts
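The packet-tracer and packet capture checks suggested in the replies above, written out as ASA CLI commands (an added example, not part of the original posts). The interface names `inside` and `outside`, the lab server address 192.168.50.10 and the test destination 198.51.100.1 are assumed placeholders; substitute the real `nameif` values and addresses of the ASA being tested.

```text
! Simulate an ICMP echo request (type 8, code 0) from the lab server.
! The output lists each phase (route lookup, ACL, NAT) and the final
! allow/drop result, so a blocking rule or a missing NAT shows up directly.
packet-tracer input inside icmp 192.168.50.10 8 0 198.51.100.1 detailed

! Capture on the ingress side: traffic between the lab server and the
! test destination. "match" captures both directions of the flow.
capture CAP_IN interface inside match icmp host 192.168.50.10 host 198.51.100.1

! Capture on the egress side. If the ASA translates the source address,
! the lab server's real IP will not appear here, so match on the
! destination only.
capture CAP_OUT interface outside match icmp any host 198.51.100.1

! Generate the test traffic from the lab server (ping 198.51.100.1),
! then compare the two captures:
!   request in CAP_IN but not in CAP_OUT  -> dropped or misrouted on this ASA
!   request in CAP_OUT but no echo reply  -> return path problem downstream
show capture CAP_IN
show capture CAP_OUT

! Remove the captures when finished so they stop consuming buffer memory.
no capture CAP_IN
no capture CAP_OUT
```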