I'm working on an ASA that currently sits behind another device that the ISP equipment terminates on. The device has the real external addresses for the network (A.B.C.100) and it has a private range of 10.0.0.100 for the internal network. The ASA in turn has an outside address of 10.0.0.101 and it's default route sends all traffic to the 0.100 address which forwards it on. I've been asked to remove the extra device and just have the ISP terminate directly on the ASA. When I do this and assign the ASA the public address my internal clients are all able to get out as normal. I removed the outside_in access-list and recreated it, substituting A.B.C. in any place that 10.0.0. was previously. I also did the same with the static translations and I did a "clear xlate" and a "clear local-host all" after removing the old translations and adding the new ones. For some reason at least 3 of the servers that have a 1-to-1 translation are no longer able to access the internet once I add the static translation. I've included the nat and global statements and the access-lists they reference in case it helps. I can post the entire sanitized config if needed.
interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.0.225 255.255.0.0
I had tried removing the nat (outside) statements and it didn't work as far as I remember. I know the 2nd nat statement is used for their vpn clients to have access to the internet through the ASA. I'll try to add the access-list entry the next time I make an attempt at this as well. After reverting the changes last time I was made aware that there is a 4-port Linksys switch upstream of the load-balancer and ASA; so the connection goes ISP --> Linksys --> Load-Balancer (to be removed) --> ASA. I was thinking next time I will reboot the Linksys in case it has any stale mac entries referencing the load balancer. This config only has the inside and outside and the inside hosts are translated to their outside address via static statements (just did a 1-to-1 since there are available ips and this is how it presently is set up).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...