Asked by cnetwiz
Changes Caused Necessity to Restart Firewall

Hello Experts,
I have a WHY question. ASA Firewall with IDS. Connections to External Internet, Internal DMZ Zone, Internal Router.
The DMZ Zone has 3 servers: 2 DNS and 1 web. Over the weekend, I virtualized these 3 servers to one new server and disabled the switch ports of the 3 servers.
Accessing a test computer in the DMZ Zone, I tested accessibility to the new VS, DNS VS and Web VS. Everything worked perfectly. Access to all websites from the DMZ web server, and to outside Internet sites.
HOWEVER, no accessibility to the web server from the outside world. DNS traffic gets through. I can Remote Desktop to all DMZ servers from the management network. Everything except HTTP traffic is not working. "Server Not Available" is the Internet Explorer error.
After hours of troubleshooting I finally shook my head and restarted the ASA. Now everything works perfectly and everything is accessible. MY question: what would cause the ASA to deny HTTP traffic when I switch the 3 servers to VS, and upon restart allow the traffic?
Hope I explained my case well. Any thoughts would be appreciated.
Tags: Cisco, Internet Protocols, Microsoft Virtual Server
ASKER CERTIFIED SOLUTION (ullas_unni)
cnetwiz (ASKER)
That is interesting that you thought of ARP.
Thinking the process through, there could really be no reason why packets would be denied unless the ASA is receiving an ARP packet and the MAC address is different from the ARP cache entry.

The packet is legitimate; however, the firewall could interpret it as an ARP attack.

Thank you for allowing me to bounce the idea off you guys. It makes sense.
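Added example, not part of the thread or any Cisco tool: a small Python check an administrator can run over two saved ARP-table snapshots to list which DMZ IPs now answer from a different MAC after a migration, i.e. the cached entries a firewall keeps using until they age out or are cleared. The sample lines are constructed to resemble ASA `show arp` output (interface, IP, MAC, age); that column layout is an assumption, so adjust `ARP_LINE` for your platform.

```python
"""Flag IP addresses whose MAC changed between two ARP snapshots."""
import re

# Assumed layout: "<interface> <ip> <mac as xxxx.xxxx.xxxx> <age-or-dash>".
ARP_LINE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<age>\d+|-)\s*$",
    re.IGNORECASE,
)

# Constructed snapshot taken before the three DMZ hosts were virtualized.
BEFORE = """\
        dmz 10.1.2.10 0011.2233.4455 120
        dmz 10.1.2.11 0011.2233.4456 118
        dmz 10.1.2.12 0011.2233.4457 116
        inside 10.1.1.1 0011.2233.0001 60
"""

# Constructed snapshot after migration: the three DMZ IPs now answer from
# the virtual host's NICs, so their MACs differ from the cached entries.
AFTER = """\
        dmz 10.1.2.10 0050.5689.aa01 12
        dmz 10.1.2.11 0050.5689.aa02 11
        dmz 10.1.2.12 0050.5689.aa03 10
        inside 10.1.1.1 0011.2233.0001 60
"""


def parse_arp(text):
    """Return {(interface, ip): mac} for every line matching ARP_LINE."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[(m["iface"], m["ip"])] = m["mac"].lower()
    return table


def changed_macs(before_text, after_text):
    """List (interface, ip, old_mac, new_mac) for entries whose MAC moved."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    return sorted(
        (iface, ip, before[(iface, ip)], mac)
        for (iface, ip), mac in after.items()
        if (iface, ip) in before and before[(iface, ip)] != mac
    )


if __name__ == "__main__":
    for iface, ip, old, new in changed_macs(BEFORE, AFTER):
        print(f"{iface} {ip}: cached {old} -> now {new} (stale until aged out)")
```

Comparing the snapshots immediately after a migration shows which cached entries still point at the decommissioned NICs, which is what a restart flushed in the case above.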