Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
214
Views
0
Helpful
1
Replies

Help with CBAC

John Blakley
VIP Alumni
VIP Alumni

‎12-12-2008 06:55 AM - edited ‎03-04-2019 12:41 AM

All,

I have the following scenario. I have an 871W router connected to the internet.

Public IP: x.x.x.x

private IP: 10.20.1.1

The wireless clients connect and pull a 10.20.1.x address from a local pool on the router.

Behind this, I have an ASA:

public ip: 10.20.1.2

private ip: 10.20.0.1

I have a host behind the ASA:

10.20.0.50

CBAC works great for the clients on wireless or hardwired into the 10.20.1.0 network, but it stops working for the hosts behind the ASA. I didn't see any traffic from these hosts or the 10.20.1.2 address under "sh ip inspect sessions" command.

Is there anything special that I need to do in this scenario?

Thanks,

John

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-13-2008 01:15 PM

Hello John,

I suppose CBAC is enabled on 871.

just a basic check

what is the default gateway / next hop of default route on the ASA box ?

is the net 10.20.0.0/xx known on the 871 ?

there is a static route with next hop 10.20.1.2 on 871 ?

Have you got connectivity between 10.20.1.1 and 10.20.0.x with x=1 and x>1 ?

There are NAT rules on the 871 that include the 10.20.0.0 subnet ?

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card