Hi Michael,

It sounds like you are on the correct path, but the devil is in the details, so 
let's talk details with an example.

Assume the Cisco firewall is connected to AstLinux's 1st LAN Interface:
AstLinux-LAN IPv4: 10.1.1.1
NetMask: 255.255.255.0

Assume the Cisco firewall has two interfaces (routed, no NAT):
AstLinux connected interface: 10.1.1.5/24 Gateway: 10.1.1.1
Cisco-LAN: 10.1.2.0/24

Then in AstLinux add a route using /mnt/kd/rc.elocal:
-- /mnt/kd/rc.elocal --
#!/bin/sh

# load the AstLinux settings, which define INTIF (1st LAN interface) among others
. /etc/rc.conf

# static route: the Cisco-LAN subnet is reached via the firewall's outside address
ip route add 10.1.2.0/24 via 10.1.1.5 dev $INTIF
--
(Note: use INT2IF if 2nd LAN Interface is used instead of 1st)

That is basically it; you will need to enable the DHCP server for the Cisco-LAN 
in the Cisco firewall.

Lonnie

PS: Alternatively, it may be possible to treat the Cisco firewall as a Layer 2 
transparent bridge with some Layer 3 proxy services for inspection/filtering; 
then the LAN would only be AstLinux's (10.1.1.0/24) and no added route would be 
needed. While easier from AstLinux's point of view (DHCP/DNS in one place), it 
would take more Cisco configuring.
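A pre-flight check for that kind of route, written as an added example (it is not AstLinux code and not part of the message above): it confirms the next hop is on-link on the LAN interface and that the routed subnet does not overlap the LAN's own subnet before printing the ip route command. The interface name eth0 stands in for $INTIF and is an assumption.

```sh
#!/bin/sh
# Added example (not AstLinux code): validate the parameters of a static
# route to a subnet behind a downstream firewall before issuing ip route add.
# Addresses are the constructed values from the example above; the
# interface name eth0 is an assumption (AstLinux uses $INTIF).

# ip_to_int A.B.C.D -> dotted quad as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_of PREFIXLEN -> netmask as a 32-bit integer
mask_of() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# in_subnet IP NET/PREFIX -> succeeds if IP lies inside NET/PREFIX
in_subnet() {
    net=${2%/*}; m=$(mask_of "${2#*/}")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$net") & m )) ]
}

# route_ok DEST/PREFIX GATEWAY LANIP/PREFIX
# succeeds when the next hop is on-link on the LAN (otherwise the kernel
# rejects the route) and DEST does not overlap the LAN's own subnet
# (otherwise local hosts would be shadowed by the new route)
route_ok() {
    in_subnet "$2" "$3" || return 1
    ! in_subnet "${1%/*}" "$3" && ! in_subnet "${3%/*}" "$1"
}

# route_cmd DEST/PREFIX GATEWAY LANIP/PREFIX IFACE -> prints the ip(8) command
route_cmd() {
    route_ok "$1" "$2" "$3" || {
        echo "refusing route $1 via $2: gateway off-link or overlap with $3" >&2
        return 1
    }
    echo "ip route add $1 via $2 dev $4"
}

# dry run with the example values; the printed command is what rc.elocal runs
route_cmd 10.1.2.0/24 10.1.1.5 10.1.1.1/24 eth0
```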



On May 26, 2016, at 11:05 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hi group
> 
> OK, I think I am missing something here, as it seems simple but it is not 
> working, and I am pulling out my hair.
> 
> I have an Astlinux appliance connected directly to the Public network where I 
> am doing NAT (PAT).
> The customer wants to protect their data LAN by a Cisco ASA firewall so I 
> have placed this behind Astlinux on a separate interface and set up a route 
> using ip route pointing to the firewall outside interface.
> All NAT is turned off in the firewall and I am not getting any errors 
> displayed for both boxes but I am still not getting any return packets on the 
> firewall LAN. Short of port monitoring the interface to the firewall, I 
> suspect the Astlinux NAT is not forwarding to the firewall's LAN subnet. Do I 
> need to do anything to make this happen? Any other ideas?
> 
> Regards
> Michael Knill



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
