Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
bdw
Community Member

Intel Adaptive Load Balancing behind ASA5510

I have a Cisco ASA5510 and a server that has Intel PROSet for Wired Connections loaded in an Adaptive Load Balancing mode. When i place this server behind the firewall, everything works fine. However, when I place a rule in the Access-List and a Static Mapping in, all inbound and outbound traffic stops. Any suggestions?

3 REPLIES
Cisco Employee

Re: Intel Adaptive Load Balancing behind ASA5510

your rule seems messy...what rule are you adding ? can you paste your config

bdw
Community Member

Re: Intel Adaptive Load Balancing behind ASA5510

I have mased my external IPs for obvious reasons.

As i stated - the current machines, which only have 1 nic, work fine. when i attempt to pull a server that has dual - nics using Adaptive Load Balancing by Intel, and i add a mapping in (for RDP), the server is unable to browse and any traffic will not make it in.

: Saved

:

ASA Version 7.0(7)

!

hostname wbaiweb

domain-name ####.com

enable password #### encrypted

names

dns-guard

!

interface Ethernet0/0

nameif outside

security-level 0

ip address Mas.Ked.0.5 255.255.255.192

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.100.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.11 255.255.255.0

management-only

!

passwd PU6AEZI3KHII8gEh encrypted

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns domain-lookup inside

object-group service 3389 tcp

port-object range 3389 3389

object-group service 25 tcp

port-object range smtp smtp

access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.54 eq 3389

access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.10 eq 3389

access-list OUTSIDE_ACCESS_IN extended permit tcp any host Mas.Ked.0.55 eq 3389

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

asdm image disk0:/asdm-507.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) Mas.Ked.0.54 192.168.100.54 netmask 255.255.255.255

static (inside,outside) Mas.Ked.0.10 192.168.100.10 netmask 255.255.255.255

static (inside,outside) Mas.Ked.0.55 192.168.100.55 netmask 255.255.255.255

access-group OUTSIDE_ACCESS_IN in interface outside

route outside 0.0.0.0 0.0.0.0 Mas.Ked.0.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet Mas.Ked.0.0 255.255.255.0 outside

telnet 192.168.100.0 255.255.255.0 inside

telnet 192.168.1.0 255.255.255.0 management

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd lease 3600

dhcpd ping_timeout 50

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

Cryptochecksum:xxx

: end

wbaiweb#

Cisco Employee

Re: Intel Adaptive Load Balancing behind ASA5510

hmm..it seems routing issue here...check the "route print" output on your server..is the default gateway correct ?

Add

1)inspect icmp in yoru policy map

policy-map global_policy

class inspection_default

inspect icmp

2)Now turn on debug icmp trace on firewall and ping from the dual nic card server..do you see pings reply ? do you see these request and replies through the firewall in this "debug icmp trace" output ?

3)If you turn OFF one NIC card.I suspect this would work.... get me the logs if possible

483
Views
0
Helpful
3
Replies
CreatePlease to create content