Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

An ASA5510's desperate cry for help!

Please HELP! I have reduced my network to two machines, an internal DNS server, and my webserver on the DMZ. I believe I have the proper ACL's configured to allow DNS and web traffic. But for some reason I dont get a web page on either machine. I have looked at the debugging monitoring and I can see the connections being built and torn down. Where am I going wrong here?


Re: An ASA5510's desperate cry for help!

Your NAT config is rather complicated. You seem to be trying to hide various IPs but I can't get mr head round it and suspect this is where the problem lies.

Far simpler not to NAT between DMZ and inside. To change your config to do this:

no global (Inside) 2 interface

no global (DMZ) 1 interface

no static (Inside,DMZ) netmask dns

no static (DMZ,Inside) netmask dns

no static (Inside,DMZ) netmask dns

static (Inside,DMZ) netmask dns

clear xlate

New Member

Re: An ASA5510's desperate cry for help!

Thanks for the fast reply Grant.

I am unclear on the whole global address pool with the NAT'ing. It looks like from what you have written above that you are not using a global pool, but the address of the interface, correct?

I have attached a really rough drawing of my network. I am trying to keep things as simple as possible.