Re: ASA 5510 Internet Problem

helios999 · ‎07-24-2008

Hi guys, I have a dmz network in the company I worked. A private network is connected to the DMZ interface of ASA 5510. I notices that every morning I have to issue the "clear xlate" command in the IOS so that computers can connect to the Internet.

Can you help me in fixing this guys? Please.... Thanks....

andrew.prince · ‎07-25-2008

post the config please - could be the xlate timeout might be an issue, are you doing PAT or specific Interface NAT...you could be running out of slots (unlikely as there 65xxx) or IP addresses if you are doing 1 two 1 NAT!

HTH>

helios999 · ‎07-25-2008

Hi, thanks for the reply. The xlate timeout was set to 3:00:00. Is it just ok? I was using NAT but for less than 10 IP addresses.

What you think is the problem? Do I still have to post the config?

andrew.prince · ‎07-26-2008

That is the default and generally that setting is OK. What device & version of IOS are you running?

helios999 · ‎07-27-2008

Hi, I posted the config of our ASA 5510 here. Please kindly check on it. Just this morning I have to issue the "clear xlate" command again so I can access the Internet from the DMZ interface of the Firewall.

I will wait for your reply. Thanks.

dhananjoy chowdhury · ‎07-28-2008

Hi,

NAT the DMZ ip subnet with a specific public IP and not with the outiside interface.