We have asa's at our hotels. We have a brand network and our local network. I am trying to get the 172 nw to access the opera server and back. The given us a port on their netgate to access the server and assigned it the 172.16.10.200 address. I had the sae configuration that you see now working and then we had to replace the asa and we can no longer get the connection to access the opera server. I have a host entry on all the workstations that use to access the server. any ideas?
Do you mean that the gateway behind which the Opera network is found is supposed to be 172.16.10.200?
I am just wondering as your ASA has a route towards a gateway address of 172.16.10.221
Also I am kind of wondering how this setup has worked. It would seem to me to possibly be a setup with asymmetric routing. I mean your hosts on the network 172.16.10.0/24 probably use the ASA as their gateway and you have the network to which you need to connect through a gateway that is located in the same network.
To me it would seem that the connection forming would go like this
Host on the network 172.16.10.0/24 sends TCP SYN to Opera server through ASA (default gateway)
TCP SYN reaches the server and server replies but the TCP SYN ACK is sent back from the Opera gateway directly to the host
Host sends the TCP ACK to the ASA (default gateway) and ASA blocks it as it has not seen the TCP SYN ACK at any point
Atleast to me it would seem to be the situation but I might be wrong.
This situation is usually avoided by using TCP State Bypass.
But I am not sure what the actual problem is at the moment.
The gateway is 172.16 10.221. Sorry about that. We use to be able to access the opera server through a browser at 10.170.195.12 but it no longer resolves after I replaced the asa. 172.16.10.221 is the address they assigned to the netgate port we plugged into. All traffic from 172.16.10.0 going to the operaserver went through that port on their netgate.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...