Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Interface troublshoot

i have ASA 5510 which is already configured, with default gateway, VPN, and ets. and work OK.... :)))) My manager want once more Mail server... ISP gave me Public IP and gateway. i assign this public IP on ASA's interface and add static route. It means now i have 2 default gateway. i opened ICMP and IP protocols on the that interfaces (where i assign new public IP) ... One old and outher new one. But i can not ping new IP when old one can....

Any idea ?

8 REPLIES
Community Member

Re: Interface troublshoot

Are your mail servers on the DMZ? Do you want the mail server to be reachable outside? Then you need to NAT those IP's. Also verify that you got the correct public IP's from your ISP. Your outside interface that was give to you by your ISP is on the same subnet?

Community Member

Re: Interface troublshoot

Public IP and its Geatway are in the same SUBNET. No i'm not using DMZ, i just want users inside have to send and receve Mail. i have already made PAT in that interface where new public IP is configured and also i permit ICMP and IP from the outside, but no result :((( hosts inside the network (10.30.30.0/24) cant ping new IP address on the interface ... :(

Community Member

Re: Interface troublshoot

How many interfaces are you trying to use? Do you have an outside interface and inside interface only? Also on your mail server does it reach to a server outside on port 25? Is your mail server located in your inside interface? Can you draw a map of what your trying to do?

Community Member

Re: Interface troublshoot

at this time i have 2 inside network (10.1.1.0/24 and 10.30.30.0/24 >>> second network i made for the new MAIL server)... I also have two ouside interface with two IP's (one is 87.x.x.x and second 77.x.x.x)...

Host 10.30.30.0 cant ping and access with INTERNET...

P.S. there already was static route (outside 0.0.0.0 0.0.0.0 87.x.x.x 1) and i add static route (outside 0.0.0.0 0.0.0.0 77.x.x.x. 1) mabye this config is wrong ... ? ask what U want merely to resolve this problem.. its very imprtant to me :)))

Regard

great TNX bauti1428

Community Member

Re: Interface troublshoot

Do you have dual ISP's? Is the 77.x.x.x connected to another ISP provider?

Check this link for dual ISP http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/examples.html#wp1057935

Configuring Static Route Tracking below.

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/routing.html#wp1118793

Community Member

Re: Interface troublshoot

No i have two public IP. Those IPs are from different ISP...

i config stati route:

route outside 0.0.0.0 0.0.0.0 87.x.x.x 1

route outside 0.0.0.0 0.0.0.0 77.x.x.x 1

My ponts is that: New mail server should be use new IP address (77.0.0.0), and my old network (10.1.1.0) have to access to the new network (10.30.30.0)....

bauti1428, any idea ... ?

regards and many Thanks from ur kindness... :)))

cheers

Community Member

Re: Interface troublshoot

bauti1428, hope U help me ...

Community Member

Re: Interface troublshoot

If you have two ISP provider, you should follow the direction I sent you. Also you can open up a TAC case if you have a smartnet.

137
Views
0
Helpful
8
Replies
CreatePlease to create content