Hi folks, hoping someone out there can point out why I am having a few difficulties on my network.
We have 2 separate internet connections protected by ASA firewalls, one in our main datacenter and another in our DR datacenter. I have drawn a very simplistic diagram at http://postimg.org/image/qcmrulnrx/ ; please take a look.
I have a problem when I try to translate one of our public IP addresses being routed to our site B firewall. Say I have a website on server A, internal address 192.168.12.51.
I want to make it publicly available via one of the IPs currently routed to our DR firewall, so I create a rule to xlate from 118.220.X.X to 192.168.12.51.
However, when I try to initiate a connection from an external machine (say 68.232.X.X) and examine the traffic using ASDM, I can see the built inbound TCP connection from the public IP to the internal IP is OK. But when I then filter based on the internal IP of the server, I can see the SYN timeout error:
Teardown TCP connection 20738497 for outside:68.232.X.X/40717 to inside:192.168.12.51/80 duration 0:00:30 bytes 0 SYN Timeout
When I change the Public IP to one being routed to Firewall A, it works with no issues.
A couple of important points which could be affecting this (perhaps there is a circular routing issue here?):
The Catalyst 3750 has a default route to pass any traffic that it doesn't have a routing table entry for to the firewall in site A.
Server A's default gateway is the VLAN12 interface on the Catalyst 3750.
The Catalyst 3650 (site B) has some static routes in there to route the 118.220.X.X/29 network to Firewall B (19.168.201.20).
It's probably something very simple; any ideas?
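An added example (not part of the post) that models the routes listed above as longest-prefix-match tables and traces each direction of the connection, so you can see which firewall handles the inbound SYN and which one handles the server's reply. The concrete addresses, the site A public range 203.0.113.0/29 and the link between the two switches are assumptions standing in for the masked values and the diagram.

```python
import ipaddress

# Constructed stand-ins for the post's masked addresses (assumption: the DR /29 is
# 118.220.0.0/29, the VIP on Firewall B is 118.220.0.2, the test client is 68.232.0.10,
# and a VIP routed to Firewall A lives in an assumed 203.0.113.0/29 range).
SERVER, VIP_B, VIP_A, CLIENT = "192.168.12.51", "118.220.0.2", "203.0.113.2", "68.232.0.10"

# Per-device routing tables as (prefix, next hop); longest prefix match decides.
# Routes are the ones stated in the post; the cat3650 -> cat3750 link is assumed.
ROUTES = {
    "client":   [("0.0.0.0/0", "internet")],
    "internet": [("118.220.0.0/29", "fw_b"), ("203.0.113.0/29", "fw_a"),
                 ("68.232.0.0/16", "client")],
    "fw_b":     [("192.168.12.0/24", "cat3650"), ("0.0.0.0/0", "internet")],
    "cat3650":  [("118.220.0.0/29", "fw_b"), ("192.168.12.0/24", "cat3750")],
    "cat3750":  [("192.168.12.0/24", "server"), ("0.0.0.0/0", "fw_a")],
    "server":   [("0.0.0.0/0", "cat3750")],
    "fw_a":     [("192.168.12.0/24", "cat3750"), ("0.0.0.0/0", "internet")],
}
# Static NAT (public VIP -> internal server) configured on each firewall.
NAT = {"fw_b": {VIP_B: SERVER}, "fw_a": {VIP_A: SERVER}}

def next_hop(device, dst):
    """Longest-prefix match of dst against the device's table; None if no route."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES.get(device, [])
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(start, dst, end):
    """Forward a packet hop by hop, un-translating any VIP at the firewall that owns it."""
    path, device = [start], start
    while device != end:
        dst = NAT.get(device, {}).get(dst, dst)
        device = next_hop(device, dst)
        if device is None or device in path:   # black hole or routing loop
            path.append("DROP")
            break
        path.append(device)
    return path

def symmetric_through(fw, vip):
    """True when the same firewall sees both the inbound SYN and the server's reply."""
    inbound = trace("client", vip, "server")
    outbound = trace("server", CLIENT, "client")
    return fw in inbound and fw in outbound

if __name__ == "__main__":
    print("VIP on Firewall B:", trace("client", VIP_B, "server"), trace("server", CLIENT, "client"))
    print("VIP on Firewall A:", trace("client", VIP_A, "server"), trace("server", CLIENT, "client"))
```

Comparing the two traces shows whether the reply to a connection that entered through one firewall leaves through the same one, which is what a stateful ASA needs in order to match the SYN-ACK to the connection it built.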