I am working on moving from our ASA5510 to an ASA5512 and am rebuilding the config from scratch as a cleanup. When I put the 5512 into prod, we have a problem with our Sophos Proxy appliance in the DMZ. It cannot get out to the internet; however, users can get to it just fine from the inside and outside. It has one foot in the DMZ (NAT'd) and one foot on the trusted network.
If I look at the ASA logs, I see the traffic from the Sophos DMZ link going to outside IPs, but it is hitting the Inside interface, not the outside interface!!! The default route on the ASA points to the outside and everything else seems to work just fine! If I look at the default route on the Sophos appliance, it shows as pointing to the IP address of the DMZ interface on the ASA.
Put back the 5510 and everything works just fine...
Anyone ever seen this before? What in the world am I missing?