We recently bought another company that had an old PIX box (PIX-501, SW version 6.3(4)) on their network. As that box was old and barely (if at all) upgradeable, we decided to replace it with an ASA 5505. I copied the config as closely as I could, and we tried it. What we found was that it worked for the most part, but for some reason only a limited number of people could access the internet. Looking at the ASDM graphs, I'm seeing several hundred NAT translations in use at any given time, with a max of around 1,200, and there is nothing showing up in the log above informational level. The device is set up to translate all inside addresses to two outside addresses using PAT, but so was the old PIX box, so I wouldn't think that would be the issue. Where would be the next place to look, given that the logs are unhelpful (unless I just need to increase the logging level from warnings)?
Since you said a limited number of people could get on, I'd make sure that you're licensed for enough people. The ASA will block outbound traffic when it meets its license threshold. The default, I believe, is 10 users.
Do a "sh ver" at the console, and you'll be able to see what you're licensed for. I'm not sure about ASDM, but you *might* be able to find it on the main page.
Thanks for the response. This device has a standard license which, if I recall correctly (it's not online at the moment, due to it not working) says "Inside Hosts 50." Is this the section you are referring to? If so, then why does it say it is doing over 300 NAT translations? Or is it that it makes the translation, but still blocks the traffic? One thing we have been unclear on through this whole process is what, exactly, that 50 inside hosts actually means. Looking at the license features on the other ASA box we have here (5510 with a security plus license and unlimited inside hosts), I don't see anything else that even possibly relates to internet traffic from inside.