I am currently trying to configure sub-interfaces on my ASA 5520. During my setup things seemed to go smoothly but once I hooked everything up there is no communication from one end to the other. Basically I am trying to access a webserve on the DMZ side from a computer on the Outside, but when I try my Dell 2724 doesnt seem to be able to access the website on the DMZ side from Outside. This is very basic general configuration that I have set up on the ASA so far.
I have also included a document with my complete setup. If anyone out there has suggestions, commands I should enter or anything at all... it would be much appreciated. I am just wondering which port I should tag eggress traffic and which I should untag it. I would assume that the port that the request is comming in on should Tag the traffic because it needs to head through the switch and through VLAN 10 to be routed to the DMZ network. I have tried many combinations of access-lists, static routes and other things and I am starting to get a bit frustrated. If anyone has some insight... it would be a life saver.
Try re-write the access-group OUT from "access-group OUT in interface outside66" to "access-group OUT in interface Outside66".
Also, permit ICMP@ping to ease troubleshooting (access-list OUT permit icmp any any) and to let you know that the DMZ server is reachable. This allows you to narrow down the troubleshooting scope. You can always remove the icmp later.
No luck on the change from outside66 to Outside66 unfortunatly. I did notice something strange. I attached the computer on the outside network to the port on the 2724, and set it up to Tag eggress traffic because the request would have to be tagged I assume for it to pass itself to Vlan10 on the ASA. Whenever I do this... I cant ping the switch from the server anymore, but if I unplug it from the tagged port and plug it into any random port with no Vlans assigned to it, I can ping just fine. I also tried Untagging that port and I still couldnt ping. Not sure what the problem is there.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...