I have a Cisco 6509 switch to which 4 networks are connected.
The default route is pointed to our ISP's router. We are using NAT for address translation for these ranges. This works great.
I now have a Cisco ASA that I want to deploy. I want the 172.20.200.0 network to go through the ASA to get to the internet. So I have created the following PBR setup.
The IP of the router gateway is 172.20.200.1
The IP of the ASA is 172.20.200.2.
access-list 172 permit ip 172.20.200.0 0.0.0.255 any
route-map pix-172-20-200 permit 10
 match ip address 172
 set ip default next-hop 172.20.200.2
interface vlan 172
 ip address 172.20.200.1 255.255.255.0
 ip policy route-map pix-172-20-200
This policy map is working fine.
Here is where my problem lies...
I have a server at 172.20.200.6 that I need to get to from outside the network (public IP).
I have made the correct configurations on the ASA.
I created a static mapping from 172.20.200.6 to an external address 22.214.171.124 - (not the real ip)
I allowed the correct ports on the ASA through for these addresses. I have about 7 years' experience with the PIX OS.
The connection is permitted if I watch the debug logs on the ASA, but I can never get connected to the internal system. I am pretty sure it is related to the PBR on the 6509, but I can't think of a way around it. I only want the 172.20.200.0 addresses going through the ASA, but I also need access to other parts of the network from the 172.20.200.0 network.
Did you apply the static NAT config on the appropriate interface? I mean, is this server connected to the same interface that the other 172.20 networks are connected to?
I think the problem might be with the command "access-list 172 permit ip 172.20.200.0 0.0.0.255 any" in the route map. It is also sending 172.20.200.6 via the default next hop configured. But this alone can't be said to be the reason.
Can you send me the debug log you received? Looking at that, I can get some idea.
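Added example, not part of the thread: a small Python model of how the 6509 chooses a next hop under the posted route-map, showing that "set ip default next-hop" only takes effect when the routing table has no explicit route for the destination. The 10.10.0.0/16 internal network, the vlan10 interface name, the ISP next-hop label and the 203.0.113.10 outside client are constructed, since the post does not list them.

```python
import ipaddress

# Values taken from the posted configuration.
ACL_172_SRC = ipaddress.ip_network("172.20.200.0/24")  # access-list 172, wildcard 0.0.0.255
ASA = "172.20.200.2"                                   # set ip default next-hop
POLICY_INTERFACE = "vlan172"                           # ip policy route-map pix-172-20-200

# Constructed routing table: the post does not show the 6509's routes.
ISP = "ISP router (constructed placeholder)"
INTERNAL = "connected (constructed internal network)"
ROUTES = [
    ("172.20.200.0/24", "connected vlan 172"),
    ("10.10.0.0/16", INTERNAL),
    ("0.0.0.0/0", ISP),
]

def longest_match(dst):
    """Return (network, next_hop) for the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def forward(src, dst, in_if=POLICY_INTERFACE):
    """Next hop the switch would use for a packet received on in_if."""
    route = longest_match(dst)
    # The default route does not count as an explicit route for
    # "set ip default next-hop"; only a more specific prefix does.
    explicit = route is not None and route[0].prefixlen > 0
    policy_applies = (in_if == POLICY_INTERFACE
                      and ipaddress.ip_address(src) in ACL_172_SRC)
    if policy_applies and not explicit:
        return ASA
    return route[1] if route else "drop"

if __name__ == "__main__":
    # Server reply to an outside client: no explicit route, so PBR sends it to the ASA.
    print(forward("172.20.200.6", "203.0.113.10"))
    # Server to another internal network: explicit route wins, PBR is not used.
    print(forward("172.20.200.6", "10.10.5.5"))
    # Host on another VLAN going to the internet: policy not applied, goes to the ISP.
    print(forward("10.10.5.5", "203.0.113.10", in_if="vlan10"))
```

In this model the server's replies to outside clients are handed to the ASA while traffic to other internal networks still follows the routing table, so the debug log the reply asks for is what would show where the return path actually breaks.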