Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Help with CBAC

All,

I have the following scenario. I have an 871W router connected to the internet.

Public IP: x.x.x.x

private IP: 10.20.1.1

The wireless clients connect and pull a 10.20.1.x address from a local pool on the router.

Behind this, I have an ASA:

public ip: 10.20.1.2

private ip: 10.20.0.1

I have a host behind the ASA:

10.20.0.50

CBAC works great for the clients on wireless or hardwired into the 10.20.1.0 network, but it stops working for the hosts behind the ASA. I didn't see any traffic from these hosts or the 10.20.1.2 address under "sh ip inspect sessions" command.

Is there anything special that I need to do in this scenario?

Thanks,

John

HTH, John *** Please rate all useful posts ***
1 REPLY
Hall of Fame Super Silver

Re: Help with CBAC

Hello John,

I suppose CBAC is enabled on 871.

just a basic check

what is the default gateway / next hop of default route on the ASA box ?

is the net 10.20.0.0/xx known on the 871 ?

there is a static route with next hop 10.20.1.2 on 871 ?

Have you got connectivity between 10.20.1.1 and 10.20.0.x with x=1 and x>1 ?

There are NAT rules on the 871 that include the 10.20.0.0 subnet ?

Hope to help

Giuseppe

105
Views
0
Helpful
1
Replies