users
|
Mikrotik -- Internet
|
ASA
|
ServerA and ServerB
I'm trying to troubleshoot a problem with a new Cisco ASA 5505. The network design is as above – the Microtik is the existing router, ServerA and ServerB used to plug directly into it.
ServerA has IP 10.30.1.10, ServerB has IP 10.30.1.11
The ASA is configured with no NAT, a "allow anything" firewall, and uses the microtik as its default gateway. In effect, it is currently a simple IP router; the firewall and VPN stuff will all come later once the basics are working.
Th problem is access to ServerA and ServerB is erratic – sometimes it will work, sometimes it will fail. It can fail for either one of the servers only, or both.
When it is working:
The Mikrotik logs show ping packets being sent out over the proper interface
The ASA logs show the incoming connections.
When it is failing:
The Mikrotik logs show ping packets being sent out over the proper interface
The ASA logs show nothing reaching the ASA.
This can fail for one server only (e.g.: the Mikrotik is putting out packets to 10.30.1.10 and 10.30.1.11, but the ASA is only seeing packets arrive destined for 10.30.1.11)
It can fail for one source only (e.g.: ClientA on the users network can ping 10.30.1.11, but clientB cannot)
The problem can also be seen from the mikrotik router itself; sometimes it can ping ServerA and ServerB, sometimes it can only ping one of them
What could be causing this? I can't think of any possible cause that is intermittent and could explain why the problem may occur for one destination server and not others.
edit:
Link to ASA config
Best Answer
I wonder if you need to put in identity NAT configs on the ASA:
Also, check the ARP tables on the ASA (show arp) and the servers to make sure they have the correct IP->hw addresses.
And check the routing tables on every device as well.