The pictures should illustrate that NAT, routing and access rules are working as planned. As clarification: no, I don't have a working WAN connection with the PAN.

Flows and sessions have been created and no drop.pcap was made, only receive, firewall and transmit.

As Numan advised, I've created the packet captures; nothing dropped.

Pinged the given IP from my smartphone -> ping successful even with no access rule allowing the ping and no mgmt profile set on the IF -> this makes me believe I've got the wrong account for dialing in.

Tested with "automatically create default route pointing to peer" disabled and also with the setting enabled -> no difference.

Pinging from the given IP to the GW IP didn't work.

Changed auth prot to chap, pap and auto with no difference.

The results are kinda disappointing and here is the summary:

So I just finished the test for my morning timeframe.

Let us know if this helps you resolve the issue. This will help you narrow down the issue.

show session all filter source destination

After your test has been done, stop all the captures and filters and see if the global counters show you anything about why it is dropping the traffic, or if you are getting a pcap with the drop stage.

On the 2nd window run the following command to look at the sessions:

show counter global filter packet-filter yes delta yes

On 1 run the following command to look at the counter (make sure you run this command once before running the traffic).

Set Filter ID 2 to be the exact inverse of what you did in step 3 (destination IP in source field, source IP in destination field).

Create and name the file stage for a packet capture on all the stages (receive, transmit, firewall and drop).

debug dataplane packet-diag set filter on

debug dataplane packet-diag set capture on

Set Filter ID 1 to be the source IP and destination IP of traffic you feel is affected (leave all other fields blank).

Need to set up the filters for the traffic we are interested in.
If that fails you can troubleshoot it doing the following 1.

Then try to use the internal interface using the same command. If this is successful then at least you have connection from the public interface to upstream.

ping source (188.110.47.216 or the IP you are getting on the public interface) host 8.8.8.8

Try ping from the CLI using the external IP as source to make sure you have connection upstream.

However, when you are pinging you are not seeing the traffic. The traffic is being seen in both directions. From the logs it seems you are able to do web-browsing and Google Analytics. Just to clarify: you are able to browse the traffic, however you are not able to ping 8.8.8.8.

I'm grateful for ideas to solve this issue.

The other frustrating point is that I have very limited time windows for testing.

All interfaces are added in the virtual router and the correct access list has been hit, so I am quite clueless why it is so difficult to get the WAN connection working. After the PA established the PPPoE session I checked via CLI if it received the default route and it was there. NAT is source NAT+PAT of course.

Something I've noticed so far is that our ASA always gets an IP from the 84.x.x.x - 86.x.x.x public IP range.

The session is built just fine, traffic is allowed via access rules and NAT'ed correctly, but I just can't ping 8.8.8.8 or get any other traffic responses.

WAN connection is established via ADSL and PPPoE.

The first is a small Cisco ASA 5505 for client breakout and an MS TMG (yeah, I hate it too) for publishing the servers.

For the first step I am trying to replace the ASA.

I am currently tasked to replace two firewalls we have in the company.