Options
ASA - Virtual FW Classification Failed
mikearama
Member Posts: 749
I have a shared interface that, according to this link:
Cisco Security Appliance Command Reference, Version 7.1 - show asp drop through show curpriv Commands [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems
... failed to classify to any specific context interface.
Recommendation: Use the global or static command to specify the IPv4 addresses that belong to each context interface.
So in the appropriate context I ran:
static (Bridge-Con1,Outside-Con1) 10.22.160.70 10.22.160.70 netmask 255.255.255.255
I actually did this via the ASDM. However, I still cannot connect to the DMZ host in question from this IP, the error still occurs when I run PacketTracer.
When I deleted the static nat, the CLI rendition of the command was:
no static (Bridge-Con1,Outside-Con1) 10.22.160.70 10.22.160.70 netmask 255.255.255.0
clear xlate interface Bridge-Con1 global 10.22.160.70 netmask 255.255.255.0
I sure would have thought this would follow the recommendation above... but, still no joy.
If any of you security junkies has come across this issue and resolved it, I'm so appreciate it.
Mike
Cisco Security Appliance Command Reference, Version 7.1 - show asp drop through show curpriv Commands [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems
... failed to classify to any specific context interface.
Recommendation: Use the global or static command to specify the IPv4 addresses that belong to each context interface.
So in the appropriate context I ran:
static (Bridge-Con1,Outside-Con1) 10.22.160.70 10.22.160.70 netmask 255.255.255.255
I actually did this via the ASDM. However, I still cannot connect to the DMZ host in question from this IP, the error still occurs when I run PacketTracer.
When I deleted the static nat, the CLI rendition of the command was:
no static (Bridge-Con1,Outside-Con1) 10.22.160.70 10.22.160.70 netmask 255.255.255.0
clear xlate interface Bridge-Con1 global 10.22.160.70 netmask 255.255.255.0
I sure would have thought this would follow the recommendation above... but, still no joy.
If any of you security junkies has come across this issue and resolved it, I'm so appreciate it.
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.