Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA5510 Strange NAT Problem

Status
Not open for further replies.

ssalyers

IS-IT--Management
Jun 29, 2011
3
CA
Hello all and thanks in advance for any help. Sorry to be so long-winded but it is a fairly complicated setup and wanted to give an overview of the entire config.

Here is my situation I have a Cisco ASA5510 and we have 2 ISPs (PrimaryISP & BackupISP). We have recently changed our PrimaryISP but these problems developed LONG after that. The PrimaryISP is an ethernet handoff from a fiber circuit that goes into an open switch and then to the ASA. The backup circuit is an ethernet handoff that goes into a Cisco 1841 router and then into the same open switch which is then connected to a different port on the ASA. The PrimaryISP IP block is a /25. The BackupISP consisits of a /29 (public address on ASA) plus an additional /26 AND /25. The BackupISP circuit is used for Site-to-Site VPN connections from HQ to the datacenter and remote offices. It also serves incoming connections and as backup for our Anyconnect VPN clients and backup internet access at HQ. The ISP for the Backup had an outage about 2 weeks ago and since the outage I am unable to get incoming NAT rules to work. I can see the traffic passing through the 1841 to the ASA but once at the ASA I get a "no valid adjacency" as well as other erros. I have cleared xlate and arp, rebooted the ASA and the 1841, cleaned the config of all ACL's & NAT rule that would affect it and readded a single NAT that will not work for any of the BackupISP's ranges. Everything else (Anyconnect, site-to-site etc...) is working correctly.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top