An ASA5510's desperate cry for help!

sdettelepak
Level 1

Please HELP! I have reduced my network to two machines, an internal DNS server 192.168.11.10, and my webserver 10.10.10.2 on the DMZ. I believe I have the proper ACLs configured to allow DNS and web traffic. But for some reason I don't get a web page on either machine. I have looked at the debugging monitoring and I can see the connections being built and torn down. Where am I going wrong here?

2 Replies

grant.maynard
Level 4

Your NAT config is rather complicated. You seem to be trying to hide various IPs but I can't get my head round it and suspect this is where the problem lies.

Far simpler not to NAT between DMZ and inside. To change your config to do this:

no global (Inside) 2 interface

no global (DMZ) 1 interface

no static (Inside,DMZ) 10.10.10.3 192.168.11.10 netmask 255.255.255.255 dns

no static (DMZ,Inside) 192.168.11.12 10.10.10.2 netmask 255.255.255.255 dns

no static (Inside,DMZ) 10.10.10.4 192.168.11.11 netmask 255.255.255.255 dns

static (Inside,DMZ) 192.168.11.10 192.168.11.10 netmask 255.255.255.255 dns

clear xlate

Thanks for the fast reply Grant.

I am unclear on the whole global address pool with the NAT'ing. It looks like from what you have written above that you are not using a global pool, but the address of the interface, correct?

I have attached a really rough drawing of my network. I am trying to keep things as simple as possible.
