The detailed network diagram is attached. The default gateway of the inside servers is the ASA 5520.
Traffic coming from XYZ Branch to the Scorpio and Alpha servers reaches the servers, and they send the packets back to their gateway, which is the ASA 5520. When the traffic comes to the ASA it is dropped and does not reach back to the XYZ LAN.
However, the following configuration tasks have been done on the pix firewall.
1. The static route is configured on the ASA 5520 so that for traffic destined to the LAN of the XYZ site, the next hop will be 172.25.1.200, which is the router's fast ethernet interface.
2. The access-list is configured on the inside of the pix firewall, allowing all the traffic originating from inside and destined to the XYZ Branch LAN.
3. The nat 0 is configured for the traffic originating from inside of the pix firewall to the XYZ site LAN.
What configuration task has to be done on the pix firewall or other devices to sort out this routing issue?
I am slightly confused here. If the clients on the xyz LAN initiate a connection to the Alpha and Scorpio servers, their traffic will go from the remote site through the central site router and out onto the 172.251.x subnet to the servers, i.e. they won't go to the ASA device.
When the servers reply they go to the ASA and the reply is a syn/ack response. The ASA will drop this because it has no corresponding SYN packet in its state table, as the original connection didn't go through it.
Forgot to mention. If that is the problem then you have two options really.
1) If you have no need to firewall the remote xyz clients for access to the servers then you can add routes to the relevant servers for the remote xyz subnet(s) pointing to the fast ethernet interface on your central site router.
2) If you do need to firewall you will have to create a separate subnet which connects your fast ethernet interface on your HQ router to an interface on the ASA. That way remote traffic from the xyz subnet will have to go through the ASA device before it gets to the servers.
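The asymmetric path described in the replies above, modelled as an added example that is not part of the original thread: a toy stateful firewall that only creates a connection entry on a SYN, run against the posted topology and against both suggested options. The client and server addresses, the ports, and the `StatefulFirewall` and `handshake` names are constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

class StatefulFirewall:
    """Toy TCP state table: only an initial SYN may create a connection entry."""
    def __init__(self):
        self.conns = {}  # (client, cport, server, sport) -> state

    def inspect(self, seg):
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if seg.flags == SYN:
            self.conns[fwd] = "SYN_SEEN"
            return "permit"
        if seg.flags == SYN | ACK and self.conns.get(rev) == "SYN_SEEN":
            self.conns[rev] = "SYNACK_SEEN"
            return "permit"
        if seg.flags == ACK and self.conns.get(fwd) in ("SYNACK_SEEN", "ESTABLISHED"):
            self.conns[fwd] = "ESTABLISHED"
            return "permit"
        return "drop"  # no matching state, e.g. a SYN/ACK whose SYN took another path

def handshake(request_via_fw, reply_via_fw):
    """Run a three-way handshake; each direction either crosses the firewall or bypasses it."""
    fw = StatefulFirewall()
    client = ("10.10.10.5", 40000)   # constructed XYZ LAN client
    server = ("172.25.1.10", 443)    # constructed server address
    steps = [
        (Segment(*client, *server, SYN), request_via_fw),
        (Segment(*server, *client, SYN | ACK), reply_via_fw),
        (Segment(*client, *server, ACK), request_via_fw),
    ]
    for seg, via_fw in steps:
        if via_fw and fw.inspect(seg) == "drop":
            return f"dropped flags={seg.flags:#04x}"
    return "established"

if __name__ == "__main__":
    print("as posted  :", handshake(request_via_fw=False, reply_via_fw=True))
    print("option 1   :", handshake(request_via_fw=False, reply_via_fw=False))
    print("option 2   :", handshake(request_via_fw=True, reply_via_fw=True))
```

Option 1 completes the handshake because neither direction is inspected, and option 2 completes it because the firewall sees the SYN before the SYN/ACK.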