Urgent help required(Problem after replacing PIX with ASA)

admin_2 · ‎11-21-2008

Farrukh Haroon · ‎11-22-2008

What is the problem? :)

Report Inappropriate Content · ‎11-22-2008

Hi ,

I have replaced my pix-515e with asa5520-k9(Version 8.0(3)6).

I am facing an issue where i am having two servers on inside which r clustered.

From my outside interface i can connetct to server1 and srver2 but not the cluster ip.

I have natted all the three ip addresses statically.

Ur help needed as i caanot connect to the cluster ip,my application is not working.

static (inside,outside) 10.30.147.155 172.16.25.200 netmask 255.255.255.255 -----cluster ip

static (inside,outside) 10.30.147.153 172.16.25.100 netmask 255.255.255.255

static (inside,outside) 10.30.147.154 172.16.25.101 netmask 255.255.255.255

I cant access the cluster ip address but access the physical ip address.

Regads

Mahesh

Farrukh Haroon · ‎11-23-2008

If you mirrored the configuration, then I doubt this has anything to do with the ASA. Have you allowed all three IPs in the ACL as well?

Anyway, can you run the following command on the server and post the output here?

packet-tracer input outside tcp 4.4.4.4 1025 10.30.147.15 80 detailed

Just make sure you replace 80 with the 'service' port running on your app.

Regards

Farrukh

Report Inappropriate Content · ‎11-23-2008

Thanks farrukh for ur reply,

I am getting hit counts for the respective acl.

When i replace my asa with pix then my config works fine.

I will definitely move ahead with the packet tracing alternative and revert back with the outcome.

Regards

Mahesh