• Status: Solved

Public IPs behind Router which is Behind ASA

I have a setup where I finally got it working with help from people on here; however, now I'm running into an issue where some of the public routable servers can't get to the internet, but I can access them externally.

I have a Cisco ASA 5520 on the front end, and GE0/0 is assigned an obvious block of 25 routable IPs. I only use these for some NAT translations.

The next hop is a Cisco 4506 that's just in a dummy mode, basically write erase mode, no VLANs, no other configs to speak of.

The next hop would be a router which has two NICs which are both plugged into the switch. GE0/1 has a public routable IP (this is a different block than that of the ASA). I can reach and ping this IP from the outside world.

GE0/2 is just the internal 10.11.11.0 network.

My DMZ is sitting on a server, and an Intel quad-port ET has all four ports assigned for four vswitches, most of which work, excluding two servers which don't get to the internet, but I can get back to them from the internet. They share the same vswitch as 40 other servers, and those are not having issues.

They can ping anything on the local network, the internal interface on the ASA, etc. without any issues.

I just got done trying to create a VLAN 200 and assigned all ports on the switch that belong to the public routable IPs. I didn't assign an IP address though (no ip address). The normal ones could again get out to the net and get in from the net, but again these two wouldn't. It's starting to drive me up the wall; there's no reason for them not to. One is an Exchange Edge server and it's getting mail without any issues.
TestMonkey
Asked:
Paul Solovyovsky Commented:
Not sure what is working or not working. Please provide the config of the switch and rule set and what you are trying to accomplish. If you have your VLANs on the inside trying to get out on a single interface of the ASA then you need to create subinterfaces on and routes so it knows where to go.
 
TestMonkey (Author) Commented:
The switch has no config, just dummy mode, nothing set.

No VLANs are configured; the switch just has a no-IP-based VLAN 1.
 
Paul Solovyovsky Commented:
You are saying that you're getting past the switch and to the ASA... I'm missing something here.
 
TestMonkey (Author) Commented:
The router and ASA are both plugged into the 4506. The 4506 in this case is in dummy mode, which works; some IPs didn't work, some did.

I just solved it anyway. I removed all the NAT settings from my router and I'm leaving it to the firewall; that seems to have fixed everything.
 
TestMonkey (Author) Commented:
It worked