I apologize in advance if I have posted this in the wrong forum. If this needs to be posted somewhere else please let me know and I will do so. The environment is as follows:
1) Multiple sites connected to an MPLS network with Cisco 1800 series routers. For simplicity we'll say the networks have the following subnets:
- Site A: 192.168.10.0/24
- Site B: 192.168.20.0/24
- Site C: 192.168.30.0/24
2) The connection for internet traffic is all routed through Site C and a Cisco ASA 5505 is being utilized as an internet firewall and also to connect Site B and Site C using the site-to-site VPN.
3) The MPLS router at site A is using 192.168.10.1 and the MPLS router at site C is using 192.168.30.1. The Cisco ASA device at site C is using an IP address of 192.168.30.254 and the ASA device at site B is using 192.168.20.1. Site B does not have a Cisco 1800 series router. They only connect to the rest of the network through the site-to-site VPN.
4) The default GW for Site A is 192.168.10.1, the default GW for site B is 192.168.20.1 and the default GW for site C is 192.168.30.1
5) The default route inside the MPLS network sends all other traffic to 192.168.30.254 for the internet and also Site B.
On a weekly basis we are having to reboot our Cisco MPLS router at Site C. All traffic just stops working and after they are rebooted they continue to work just fine. I do not have access to the routers and I'm unable to pull any counters that may be necessary to determine what exactly is going on. At site C, internet is slow at times with timeouts occurring. Once the timeouts start to occur the MPLS router goes down. If I change my default GW to the ASA device, internet traffic is fast as it should be. We are utilizing a 6MB fibre internet connection. The ISP is located next door to us. When I set my default GW at site C to the ASA I'm unable to reach the 192.168.10.0 network. When I connect to the ASA device I'm able to run the ping utility and ping any address in Site A with no problem. All packets receive a response back. When I run the packet trace utility and source the packet from any address in Site C the packet is dropped due to an ACL. I've attached a screen print of the ACL screen along with the packet trace utility results.
I believe this may be causing my other network issues. I'm not able to figure out what rule to add to allow any traffic internally. I do not want it to drop any packets if they are on the internal interface of the ASA. Running the packet trace determines that the source and destination address is on the internal interface so why would it be dropping the packet when allowing any any on the internal interface? Basically what I am wanting to do is allow anything on the internal interface and not drop or deny anything. My only concern with denying any access is on the external interface.