Public IPs behind Router which is Behind ASA

Posted on 2011-04-22
Last Modified: 2012-05-11
I have a setup that I finally got working with help from people on here; however, now I'm running into an issue where some of the public routable servers can't get to the internet, but I can access them externally.

I have a Cisco ASA 5520 on the front end, and GE0/0 is assigned an obvious block of 25 routable IPs; I only use these for some NAT translations.

Next hop is a Cisco 4506 that's just in a dummy mode, basically write erase mode, no VLANs, no other configs to speak of.

The next hop would be a router which has two NICs which are both plugged into the switch. GE0/1 has a public routable IP (this is a different block than that of the ASA). I can reach and ping this IP from the outside world.

GE0/2 is just the internal network

My DMZ are sitting on a server, and an Intel quad-port ET has all four ports assigned to four vswitches, most of which work, excluding two servers which don't get to the internet, but I can get back to them from the internet. They share the same vswitch as 40 other servers and those are not having issues.

They can ping anything on the local network, the internal interface on the ASA, etc. without any issues.

I just got done trying to create a VLAN 200 and assigned all ports on the switch that belong to the public routable IPs. I didn't assign an IP address though (no ip address). The normal ones could again get out to the net and net in, but again these two wouldn't. It's starting to drive me up the wall; there's no reason for them not to. One is an Exchange edge server and it's getting mail without any issues.

Question by: TestMonkey
    LVL 42

    Expert Comment

    Not sure what is working or not working. Please provide the config of the switch and the rule set, and what you are trying to accomplish. If you have your VLANs on the inside trying to get out on a single interface of the ASA, then you need to create subinterfaces on and routes so it knows where to go.
    LVL 1

    Author Comment

    The switch has no config, just dummy mode, nothing set

    No vlans are configured, the switch just has a no ip based vlan 1
    LVL 42

    Expert Comment

    You are saying that you're getting past the switch and to the ASA... I'm missing something here.
    LVL 1

    Accepted Solution

    The router and ASA are both plugged into the 4506. The 4506 in this case is in dummy mode, which works; some IPs didn't work, some did.

    I just solved it anyway. I removed all the NAT settings from my router and I'm leaving it to the firewall; seems to have fixed everything.
    LVL 1

    Author Closing Comment

    It worked
